From WikiChip
Difference between revisions of "mirc/identifiers/$hmac"
< mirc‎ | identifiers

(Created page with "{{mirc title|$hmac Identifier}}'''$hmac''' returns an HMAC (keyed-Hash Message Authentication Code) based on the supplied key == Synopsis == <pre>$hmac(text|&binvar|filename...")
 
(Add'l syntax)
Line 1: Line 1:
{{mirc title|$hmac Identifier}}'''$hmac''' returns an HMAC (keyed-Hash Message Authentication Code) based on the supplied key
+
{{mirc title|$hmac Identifier}}'''$hmac''' returns an HMAC (keyed-Hash Message Authentication Code) based on the supplied key. See the Wikipedia page for algorithm details. $hmac is used to provide the security strength for the $hotp and $totp identifiers.
 
 
  
 
== Synopsis ==
 
== Synopsis ==
Line 10: Line 9:
 
* '''N''' - the type of input, use N = 0 if input is plain text, N = 1 for &binvar, and 2 for filename
 
* '''N''' - the type of input, use N = 0 if input is plain text, N = 1 for &binvar, and 2 for filename
 
* '''hash''' - optional, hashing algorithm, can be md5, sha1 (default), sha256, sha384, or sha512.
 
* '''hash''' - optional, hashing algorithm, can be md5, sha1 (default), sha256, sha384, or sha512.
 +
 +
 +
Due to algorithm design:
 +
* output is a hash digest that's the same length as the digest for the hash parameter (default sha1)
 +
* If key length is longer than hash block length (128 bytes for sha512/384 64 bytes for md5/sha1/sha256), key shortened to be the binary hash digest of the key.
 +
* HMAC is designed for non-binary keys. Shorter keys padded with 0x00's to 'hash block length', so keys differing by the number of trailing 0x00's are identical.
 +
* Because HMAC uses 2 nested hashes using 2 modified copies of the key, usage as an authentication hash is not vulnerable to the length extension attack against auth_hash=$sha512(secret $+ message), and using hash=md5 isn't as vulnerable to the other weaknesses in md5.
  
 
== Properties ==
 
== Properties ==
Line 15: Line 21:
  
 
== Example ==
 
== Example ==
<source lang="mIRC">None</source>
+
<source lang="mIRC">
 +
//echo -a $hmac(message 1,key,sha1,0)
 +
When given "message 1" and the $hmac output, it should require knowledge of 'key' to avoid brute-force testing for 'key' that would generate the correct hash output for $hmac(message 2,key,sha1,0) and preventing an outsider from counterfeiting a message.
 +
 
 +
When receiving a file as an email attachment, and the email message contains the HMAC hash, the receiver can verify the file has not been tampered with by an outsider who does not know 'shared secret': $hmac(filename,shared secret,sha256,2)
 +
 
 +
Generate HMAC hash of binary string:
 +
//bset -t &v 1 abc | echo -a $hmac(abc,key,sha1,0) same as $hmac(&v,key,sha1,1)
 +
</source>
  
 
== Compatibility ==
 
== Compatibility ==
Line 21: Line 35:
  
 
== See Also ==
 
== See Also ==
{{mIRC|$hotp}}
+
{{collist
 
+
|count = 6
[[Category:mIRC identifiers]]
+
|style = width: 100%; display: inherit;
 +
|
 +
* {{mIRC|$hotp}}
 +
* {{mIRC|$totp}}
 +
* {{mIRC|$sha1}}
 +
* {{mIRC|$sha256}}
 +
* {{mIRC|$sha512}}
 +
* {{mIRC|$sha384}}
 +
* {{mIRC|$md5}}
 +
}}

Revision as of 15:37, 17 May 2018

$hmac returns an HMAC (keyed-Hash Message Authentication Code) based on the supplied key. See the Wikipedia page for algorithm details. $hmac is used to provide the security strength for the $hotp and $totp identifiers.

Synopsis

$hmac(text|&binvar|filename, key, hash, N)

Paramters

  • text|&binvar|filename - the input
  • key - the key
  • N - the type of input, use N = 0 if input is plain text, N = 1 for &binvar, and 2 for filename
  • hash - optional, hashing algorithm, can be md5, sha1 (default), sha256, sha384, or sha512.


Due to algorithm design:

  • output is a hash digest that's the same length as the digest for the hash parameter (default sha1)
  • If key length is longer than hash block length (128 bytes for sha512/384 64 bytes for md5/sha1/sha256), key shortened to be the binary hash digest of the key.
  • HMAC is designed for non-binary keys. Shorter keys padded with 0x00's to 'hash block length', so keys differing by the number of trailing 0x00's are identical.
  • Because HMAC uses 2 nested hashes using 2 modified copies of the key, usage as an authentication hash is not vulnerable to the length extension attack against auth_hash=$sha512(secret $+ message), and using hash=md5 isn't as vulnerable to the other weaknesses in md5.

Properties

None

Example

//echo -a $hmac(message 1,key,sha1,0)
When given "message 1" and the $hmac output, it should require knowledge of 'key' to avoid brute-force testing for 'key' that would generate the correct hash output for $hmac(message 2,key,sha1,0) and preventing an outsider from counterfeiting a message.
 
When receiving a file as an email attachment, and the email message contains the HMAC hash, the receiver can verify the file has not been tampered with by an outsider who does not know 'shared secret': $hmac(filename,shared secret,sha256,2)
 
Generate HMAC hash of binary string:
//bset -t &v 1 abc | echo -a $hmac(abc,key,sha1,0) same as $hmac(&v,key,sha1,1)

Compatibility

Added: mIRC v7.42
Added on: 17 Jul 2015
Note: Unless otherwise stated, this was the date of original functionality.
Further enhancements may have been made in later versions.


See Also