I am using TOTP Algorithm for generating OTP But I am not getting one point, why this algorithm is generating same password again and again, is there any time frame set here? I am trying to generate OTP every 1 sec but unable to do so.

 import java.lang.reflect.UndeclaredThrowableException; import java.security.GeneralSecurityException; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.math.BigInteger; import java.util.TimeZone;  public class TOTP {  private TOTP() {} /** * This method uses the JCE to provide the crypto * algorithm. * HMAC computes a Hashed Message Authentication Code with the * crypto hash algorithm as a parameter. * * @param crypto the crypto algorithm (HmacSHA1, HmacSHA256, *                            HmacSHA512) * @param keyBytes the bytes to use for the HMAC key * @param text the message or text to be authenticated. */ private static byte[] hmac_sha(String crypto, byte[] keyBytes,         byte[] text){    try {        Mac hmac;        hmac = Mac.getInstance(crypto);        SecretKeySpec macKey =            new SecretKeySpec(keyBytes, "RAW");        hmac.init(macKey);        return hmac.doFinal(text);    } catch (GeneralSecurityException gse) {        throw new UndeclaredThrowableException(gse);    }  } /** * This method converts HEX string to Byte[] * * @param hex the HEX string *  * @return A byte array   */ private static byte[] hexStr2Bytes(String hex){    // Adding one byte to get the right conversion    // values starting with "0" can be converted    byte[] bArray = new BigInteger("10" + hex,16).toByteArray();        // Copy all the REAL bytes, not the "first"    byte[] ret = new byte[bArray.length - 1];    for (int i = 0; i < ret.length ; i++)         ret[i] = bArray[i+1];    return ret;  } private static final int[] DIGITS_POWER // 0 1  2   3    4     5      6       7        8                  = {1,10,100,1000,10000,100000,1000000,10000000,100000000 }; /** * This method generates an TOTP value for the given * set of parameters. * * @param key the shared secret, HEX encoded * @param time a value that reflects a time  * @param returnDigits number of digits to return  *  * @return A numeric String in base 10 that includes *              {@link truncationDigits} digits  */ public static String generateTOTP(String key,        String time,        String returnDigits){    return generateTOTP(key, time, returnDigits, "HmacSHA1"); } /** * This method generates an TOTP value for the given * set of parameters. * * @param key the shared secret, HEX encoded * @param time a value that reflects a time  * @param returnDigits number of digits to return  *  * @return A numeric String in base 10 that includes *              {@link truncationDigits} digits  */public static String generateTOTP256(String key,        String time,        String returnDigits){    return generateTOTP(key, time, returnDigits, "HmacSHA256"); } /** * This method generates an TOTP value for the given * set of parameters. * * @param key the shared secret, HEX encoded * @param time a value that reflects a time  * @param returnDigits number of digits to return  *  * @return A numeric String in base 10 that includes *              {@link truncationDigits} digits  */ public static String generateTOTP512(String key,        String time,        String returnDigits){    return generateTOTP(key, time, returnDigits, "HmacSHA512"); }/** * This method generates an TOTP value for the given * set of parameters. * * @param key the shared secret, HEX encoded * @param time a value that reflects a time  * @param returnDigits number of digits to return  * @param crypto the crypto function to use  *  * @return A numeric String in base 10 that includes *              {@link truncationDigits} digits  */ public static String generateTOTP(String key,        String time,        String returnDigits,        String crypto){    int codeDigits = Integer.decode(returnDigits);    String result = null;    // Using the counter    // First 8 bytes are for the movingFactor    // Complaint with base RFC 4226 (HOTP)    while(time.length() < 16 )        time = "0" + time;    // Get the HEX in a Byte[]    byte[] msg = hexStr2Bytes(time);    byte[] k = hexStr2Bytes(key);    byte[] hash = hmac_sha(crypto, k, msg);    // put selected bytes into result int    int offset = hash[hash.length - 1] & 0xf;    int binary =        ((hash[offset] & 0x7f) << 24) |         ((hash[offset + 1] & 0xff) << 16) |         ((hash[offset + 2] & 0xff) << 8) |         (hash[offset + 3] & 0xff);    int otp = binary % DIGITS_POWER[codeDigits];    result = Integer.toString(otp);    while (result.length() < codeDigits) {        result = "0" + result;    }    return result; } public static void main(String[] args) {    // Seed for HMAC-SHA512 - 64 bytes    String seed64 = "3132333435363738393031323334353637383930" +    "3132333435363738393031323334353637383930" +    "3132333435363738393031323334353637383930" +    "31323334";    long T0 = 0;    long X = 30;    long testTime[] = {59L};    String steps = "0";    DateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");    df.setTimeZone(TimeZone.getTimeZone("UTC"));    try{        System.out.println(                "+---------------+-----------------------+" +        "------------------+--------+--------+");        System.out.println(                "|  Time(sec)    |   Time (UTC format)   " +        "| Value of T(Hex)  |  TOTP  | Mode   |");        System.out.println(                "+---------------+-----------------------+" +        "------------------+--------+--------+");        for(int i=0; i<testTime.length; i++) {                   long T = (testTime[i] - T0)/X;            steps = Long.toHexString(T).toUpperCase();            while(steps.length() < 16) steps = "0" + steps;            String fmtTime = String.format("%1$-11s", testTime[i]);            String utcTime = df.format(new Date(testTime[i]*1000));            System.out.print("|  " + fmtTime + "  |  " + utcTime +                      "  | " + steps + " |");               System.out.println(generateTOTP(seed64, steps, "8",             "HmacSHA512") + "| SHA512 |");            System.out.println(                    "+---------------+-----------------------+" +            "------------------+--------+--------+");        }    }catch (final Exception e){        System.out.println("Error : " + e);    }}}

I have two seperate files; one .sql and one .sql.sha512 (1kb).

And I need help to be able to view this .sql file in text format. I was using this .sql file years ago thanks to a friend of mine who helped me on the steps I should take.

I vaguely remember that he made me install an sql server(mysql?) and i also remember that i did some command prompt entries thanks to my friends help. And after that, I could be able to open that .sql file and view as text file which I used Sublime to read in to. I might have skipped some details, it was many years ago, but it was a fairly easy process which didn't take so long.

I would like to access it and view in text format again but since it's not possible for me to reach my friend anymore, I thought this would be the best place to ask for help for a dummy like me.

Anyone knows how to reproduce PHP hashing method hash(‘SHA512’, $value, true) in swift ? I tried to use CommonCrypto C library with this code :

extension String {    func digest(length:Int32, gen:(data: UnsafePointer<Void>, len: CC_LONG, md: UnsafeMutablePointer<UInt8>) -> UnsafeMutablePointer<UInt8>) -> String {        var cStr = [UInt8](self.utf8)        var result = [UInt8](count:Int(length), repeatedValue:0)        gen(data: &cStr, len: CC_LONG(cStr.count), md: &result)        let output = NSMutableString(capacity:Int(length))        for r in result {            output.appendFormat("%02x", r)        }        return String(output)    }}

and used it like this :

var digest = salted.digest(CC_SHA512_DIGEST_LENGTH, gen: {(data, len, md) in CC_SHA512(data,len,md)})

But I don't get the right output

EDIT :

I have some PHP code :

echo base64_encode(hash('sha512', '8yOrBmkd', true)); // output: rlltLWeWaQCrfNTYMa0CcIs0mfLoHGAynrd+d8H65+rGAzHS/BSWsumwSmcxF9aAG9TIzXx+HOjArPyLL3herg==

And I want my swift code to output the same. The Base64 encoding is ok :

let utf8str = input.dataUsingEncoding(NSUTF8StringEncoding)!.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(rawValue: 0))                let base64Encoded = utf8str!.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(rawValue: 0))                print("Encoded:  \(base64Encoded)")

But the hashing part return an output the same value as this PHP code :

echo base64_encode(hash('sha512', '8yOrBmkd', false)); // output: YWU1OTZkMmQ2Nzk2NjkwMGFiN2NkNGQ4MzFhZDAyNzA4YjM0OTlmMmU4MWM2MDMyOWViNzdlNzdjMWZhZTdlYWM2MDMzMWQyZmMxNDk2YjJlOWIwNGE2NzMxMTdkNjgwMWJkNGM4Y2Q3YzdlMWNlOGMwYWNmYzhiMmY3ODVlYWU=

Need to create hash token using SHA-512 Algorithm, So on using _digest function of jmeter, I am getting a different token.What is "salt"? is it same as secret key ?How to use it?

${__digest(SHA-512,{test_test_test},SXF,,)}

SHA1 is completely insecure and should be replaced.

This question is 8+ years old and times have changed: https://arstechnica.com/information-technology/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

For passwords: https://en.wikipedia.org/wiki/PBKDF2

For data: SHA3

SHA512 is more complex than SHA1, but how much security am I losing by hashing a salted password with SHA1 compared to hashing it with 512? in terms of the time it would take for someone who has the db to crack a single password. I'm using a framework that doesn't give me easy access to SHA512, I'd have to override stuff to make it work, so I'm thinking to just use SHA1, though in the past I've always used SHA512.