HMAC Keyed-Hashing for Message Authentication

HMAC principle

Computing an HMAC requires a hash function (MD5 or SHA-1, for example) and a key. L denotes the length in bytes of the hash function's output (16 for MD5), and B denotes the length of the data block the hash function processes (64 bytes for both SHA-1 and MD5). The key length may be less than or equal to the data block length B; if it is greater than the data block length, the hash function is applied to the key first, and the result is a key of length L.

According to RFC 2316 (Report of the IAB, April 1998), HMAC (Hashed Message Authentication Code) is considered, together with IPsec, a security-critical core protocol. It is not a hash function itself; it is a message authentication mechanism that uses the MD5 or SHA-1 hash function together with a shared secret key (as opposed to a public key / private key pair). Basically, the message is combined with the key and run through the hash function. The result is then combined with the key again and run through the hash function once more. The 128-bit result is truncated to 96 bits to become the MAC.

Then create two different strings of length B:

  • innerpad = the byte 0x36 repeated B times
  • outerpad = the byte 0x5C repeated B times

The HMAC of an input string str is calculated as follows, where "^" is XOR and "," is concatenation:

  • hash(key ^ outerpad, hash(key ^ innerpad, str))

HMAC applications

HMAC is mainly used in identity verification, as follows:

  1. The client requests to sign in (assume the browser sends a GET request)
  2. The server returns a random value and records that random value in the session
  3. The client uses the random value as the key, performs the HMAC operation on the user password, and submits the result to the server
  4. The server reads the user password from the user database, performs the same HMAC calculation as the client using the random value sent in step 2, and compares its result with the one sent by the user; if the two are consistent, the user is legitimate

In this process, the values exposed to attack are the random value sent by the server and the HMAC result sent by the user. To an attacker who intercepts them, these two values are meaningless, since they offer no possibility of obtaining the user password. Introducing the random value makes the HMAC valid only in the current session, which greatly enhances safety and practicality. Most languages have implemented the HMAC algorithm, such as PHP's mhash, Python's hmac.py and Java's MessageDigest class. Using HMAC in web verification is feasible, and computing MD5 in JS is also relatively fast.

Python
>>> import hmac
>>> message = b'Hello, world!'
>>> key = b'secret'
>>> h = hmac.new(key, message, digestmod='MD5')
>>> # If the message is long, h.update(msg) can be called multiple times
>>> h.hexdigest()
'fa4ee7d173f2d97ee79022d1a7355bcf'
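
The construction from the "HMAC principle" section and the four-step login exchange from the "HMAC applications" section, as an added example that is not code from the original article. `hmac_manual`, the `Server` class, `client_response`, the in-memory user table and the 16-byte random value are hypothetical names and choices made for illustration.

```python
import hashlib
import hmac
import secrets

B = 64  # block length of MD5 and SHA-1, in bytes


def hmac_manual(key: bytes, msg: bytes, hash_name: str = "md5") -> bytes:
    """HMAC built directly from the innerpad/outerpad formula above."""
    if len(key) > B:                      # over-long keys are hashed down to L bytes
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(B, b"\x00")           # shorter keys are zero-padded to B bytes
    inner = bytes(k ^ 0x36 for k in key)  # key ^ innerpad
    outer = bytes(k ^ 0x5C for k in key)  # key ^ outerpad
    inner_hash = hashlib.new(hash_name, inner + msg).digest()
    return hashlib.new(hash_name, outer + inner_hash).digest()


class Server:
    """Hypothetical server side of the four-step login exchange."""

    def __init__(self, user_db: dict):
        self.user_db = user_db            # constructed sample data: user -> password
        self.session = {}                 # session id -> pending random value

    def challenge(self, session_id: str) -> bytes:
        nonce = secrets.token_bytes(16)   # step 2: random value recorded in the session
        self.session[session_id] = nonce
        return nonce

    def verify(self, session_id: str, user: str, response: bytes) -> bool:
        nonce = self.session.pop(session_id, None)  # single use: a replay finds no nonce
        password = self.user_db.get(user)
        if nonce is None or password is None:
            return False
        expected = hmac_manual(nonce, password)     # step 4: same calculation as the client
        return hmac.compare_digest(expected, response)  # constant-time comparison


def client_response(nonce: bytes, password: bytes) -> bytes:
    """Step 3: random value as the key, password as the message."""
    return hmac_manual(nonce, password)
```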

Origin blog.csdn.net/LU_ZHAO/article/details/105146791