From WikiChip
Editing mirc/identifiers/$hmac
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
This page supports semantic in-text annotations (e.g. "[[Is specified as::World Heritage Site]]") to build structured and queryable content provided by Semantic MediaWiki. For a comprehensive description on how to use annotations or the #ask parser function, please have a look at the getting started, in-text annotation, or inline queries help pages.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
{{mirc title|$hmac Identifier}}'''$hmac''' returns an HMAC (keyed-Hash Message Authentication Code) based on the supplied key. See the Wikipedia page for algorithm details. $hmac is used to provide the security strength for the $hotp and $totp identifiers. | {{mirc title|$hmac Identifier}}'''$hmac''' returns an HMAC (keyed-Hash Message Authentication Code) based on the supplied key. See the Wikipedia page for algorithm details. $hmac is used to provide the security strength for the $hotp and $totp identifiers. | ||
+ | |||
== Synopsis == | == Synopsis == | ||
<pre>$hmac(text|&binvar|filename, key, hash, N)</pre> | <pre>$hmac(text|&binvar|filename, key, hash, N)</pre> | ||
+ | |||
== Paramters == | == Paramters == | ||
* '''text|&binvar|filename''' - the input | * '''text|&binvar|filename''' - the input | ||
Line 7: | Line 9: | ||
* '''N''' - the type of input, use N = 0 if input is plain text, N = 1 for &binvar, and 2 for filename | * '''N''' - the type of input, use N = 0 if input is plain text, N = 1 for &binvar, and 2 for filename | ||
* '''hash''' - optional, hashing algorithm, can be md5, sha1 (default), sha256, sha384, or sha512. | * '''hash''' - optional, hashing algorithm, can be md5, sha1 (default), sha256, sha384, or sha512. | ||
+ | |||
Due to algorithm design: | Due to algorithm design: | ||
* output is a hash digest that's the same length as the digest for the hash parameter (default sha1) | * output is a hash digest that's the same length as the digest for the hash parameter (default sha1) | ||
* If key length is longer than hash block length (128 bytes for sha512/384 64 bytes for md5/sha1/sha256), key shortened to be the binary hash digest of the key. | * If key length is longer than hash block length (128 bytes for sha512/384 64 bytes for md5/sha1/sha256), key shortened to be the binary hash digest of the key. | ||
− | * HMAC is designed for non-binary keys. Shorter keys | + | * HMAC is designed for non-binary keys. Shorter keys padded with 0x00's to 'hash block length', so keys differing by the number of trailing 0x00's are identical. |
* Because HMAC uses 2 nested hashes using 2 modified copies of the key, usage as an authentication hash is not vulnerable to the length extension attack against auth_hash=$sha512(secret $+ message), and using hash=md5 isn't as vulnerable to the other weaknesses in md5. | * Because HMAC uses 2 nested hashes using 2 modified copies of the key, usage as an authentication hash is not vulnerable to the length extension attack against auth_hash=$sha512(secret $+ message), and using hash=md5 isn't as vulnerable to the other weaknesses in md5. | ||
== Properties == | == Properties == | ||
None | None | ||
+ | |||
== Example == | == Example == | ||
<source lang="mIRC"> | <source lang="mIRC"> | ||
Line 21: | Line 25: | ||
When given "message 1" and the $hmac output, it should require knowledge of 'key' to avoid brute-force testing for 'key' that would generate the correct hash output for $hmac(message 2,key,sha1,0) and preventing an outsider from counterfeiting a message. | When given "message 1" and the $hmac output, it should require knowledge of 'key' to avoid brute-force testing for 'key' that would generate the correct hash output for $hmac(message 2,key,sha1,0) and preventing an outsider from counterfeiting a message. | ||
− | When receiving a file as an email attachment, and the email message contains the HMAC hash, the receiver can verify the file has not been tampered with by an outsider who does not know 'shared secret' | + | When receiving a file as an email attachment, and the email message contains the HMAC hash, the receiver can verify the file has not been tampered with by an outsider who does not know 'shared secret': $hmac(filename,shared secret,sha256,2) |
Generate HMAC hash of binary string: | Generate HMAC hash of binary string: | ||
//bset -t &v 1 abc | echo -a $hmac(abc,key,sha1,0) same as $hmac(&v,key,sha1,1) | //bset -t &v 1 abc | echo -a $hmac(abc,key,sha1,0) same as $hmac(&v,key,sha1,1) | ||
− | |||
− | |||
− | |||
</source> | </source> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
== Compatibility == | == Compatibility == | ||
{{mIRC compatibility|7.42}} | {{mIRC compatibility|7.42}} | ||
+ | |||
== See Also == | == See Also == | ||
{{collist | {{collist | ||
− | |count = | + | |count = 6 |
|style = width: 100%; display: inherit; | |style = width: 100%; display: inherit; | ||
| | | |