HMAC algorithm

The HMAC algorithm is a key-based method for authenticating message integrity; its security is built on the underlying hash algorithm. It requires the communicating parties to share a key and agree on an algorithm, then run a hash operation over the message to produce a fixed-length authentication code. The communicating parties determine the legitimacy of a message by checking the authentication code. The HMAC algorithm can be used for encryption, digital signatures, and message validation. (I feel that, in practice, HMAC encryption is irreversible encryption, unlike reversible encryption such as DES/AES; HMAC also feels very much like a hash algorithm with a random salt.)

Note: HMAC is a keyed hash message authentication code (Hash-based Message Authentication Code). An HMAC computation uses a hash algorithm, takes a key and a message as input, and produces a message digest as output.

Definition of the HMAC algorithm

The HMAC algorithm is an algorithm that performs a "checksum": it checks whether data has been changed by "checking" the data. Before data is sent, the HMAC algorithm "hashes" the data block together with the public key agreed on by the two sides to generate what is called a "digest", which is appended to the data block to be transmitted. When the data and the digest reach their destination, the HMAC algorithm is used to generate another checksum; if the two values match, the data has not been tampered with. Otherwise, it means the data was tampered with in transit or in storage by someone with ulterior motives.

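The HMAC algorithm is defined by the following formula:

HMAC(K, M) = H((K' ⊕ opad) ∥ H((K' ⊕ ipad) ∥ M))

where H is the hash function, K' is the key K brought to the block length B (step (1) below), ⊕ is XOR, and ∥ is concatenation.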

Steps of the HMAC algorithm

(1) Create a string of length B either by appending zeros to the key K or by processing K with H. (For example, if K is 20 bytes long and B = 64 bytes, 44 zero bytes 0x00 are appended to K; if K is 120 bytes long and B = 64 bytes, H is applied to K to produce the 64-byte string.)

(2) XOR the B-byte string generated in the previous step with ipad.

(3) Append the data stream text to the string resulting from step (2).

(4) Apply H to the data stream generated in step (3).

(5) XOR the B-byte string generated in step (1) with opad.

(6) Append the result of step (4) to the result of step (5).

(7) Apply H to the data stream generated in step (6) and output the final result.

HMAC algorithm pseudocode implementation

function hmac (key, message) {
    if (length(key) > blocksize) {
        key = hash(key)  // keys longer than blocksize are shortened
    }
    if (length(key) < blocksize) {
        // keys shorter than blocksize are zero-padded (where ∥ is concatenation)
        key = key ∥ [0x00 * (blocksize - length(key))]  // Where * is repetition.
    }
    o_pad = [0x5c * blocksize]  // Where blocksize is that of the underlying hash function
    i_pad = [0x36 * blocksize]
    o_key_pad = o_pad ⊕ key  // Where ⊕ is exclusive or (XOR)
    i_key_pad = i_pad ⊕ key
    return hash(o_key_pad ∥ hash(i_key_pad ∥ message))  // Where ∥ is concatenation
}

Typical applications of the HMAC algorithm

A typical application of the HMAC algorithm is "challenge/response" (Challenge/Response) authentication. The authentication process is as follows:

(1) The client sends an authentication request to the server.

(2) On receiving the request, the server generates a random number and sends it over the network to the client (this is the challenge).

(3) The client computes HMAC-SHA1 over the received random number with its own key and sends the result to the server as proof of identity (this is the response).

(4) At the same time, the server runs the same HMAC-SHA1 computation over the random number using the client's key stored in the server database. If the server's result matches the response returned by the client, the client is considered a legitimate user.
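
The four-step exchange above in Python, as an added example (not code from the original post). The class and function names, the 16-byte challenge size, the single-use handling of challenges and the constant-time comparison are assumptions of this example; the sample key and client id are constructed.

```python
import hashlib
import hmac
import secrets


class AuthServer:
    """Server side of the exchange (steps 2 and 4)."""

    def __init__(self, key_db):
        self.key_db = key_db   # client id -> key shared with that client
        self.pending = {}      # client id -> challenge awaiting a response

    def issue_challenge(self, client_id):
        # Step 2: fresh random number per request; replaces any older one.
        challenge = secrets.token_bytes(16)
        self.pending[client_id] = challenge
        return challenge

    def verify(self, client_id, response):
        # Step 4: recompute HMAC-SHA1 over the stored challenge and compare.
        challenge = self.pending.pop(client_id, None)  # single use
        key = self.key_db.get(client_id)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)  # constant time


def client_response(key, challenge):
    # Step 3: prove knowledge of the key without transmitting it.
    return hmac.new(key, challenge, hashlib.sha1).digest()


def demo():
    key = b"constructed-demo-key"  # constructed sample secret
    server = AuthServer({"alice": key})
    c1 = server.issue_challenge("alice")
    r1 = client_response(key, c1)
    ok = server.verify("alice", r1)        # legitimate client
    replay = server.verify("alice", r1)    # challenge already consumed
    server.issue_challenge("alice")
    stale = server.verify("alice", r1)     # old response, new challenge
    c3 = server.issue_challenge("alice")
    wrong_key = server.verify("alice", client_response(b"guess", c3))
    return ok, replay, stale, wrong_key


if __name__ == "__main__":
    print(demo())
```

Only the first verification succeeds: a captured response is useless once its challenge has been consumed or replaced, and a response computed with the wrong key never matches.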

Security of the HMAC algorithm

Because the HMAC algorithm introduces a key, its security no longer depends entirely on the hash algorithm used. Its main security guarantees are as follows:

(1) The key is agreed on by both sides in advance, so a third party cannot know it. As the application process described above shows, a third party that illegally intercepts the traffic can obtain only the random number that serves as the "challenge" and the HMAC result that serves as the "response", and cannot work out the key from these two pieces of data. Because it does not know the key, it cannot forge a matching response.

(2) In applications of the HMAC algorithm, a third party cannot know the output in advance (if it could, it would not need to construct any input and could simply send the output straight to the server).

(3) An important difference between the HMAC algorithm and general encryption is that it is "instantaneous": the authentication is valid only at the time it is performed, whereas once an encryption algorithm is broken, previously encrypted results can be decrypted.


Origin www.cnblogs.com/shoshana-kong/p/11497676.html