I've been learning about cryptography lately and how slow hashes are the best to prevent brute-force attacks. I tried using SHA-256 in C++ implemented from this resource, which is fantastic, but it's very very fast. I changed up one of my brute-force programs to search for the SHA-256 hash of the password to see if we got a match, and it didn't take as long as I could've hoped. Currently with the (relatively very slow) brute force program I made myself, we get a table like this:
Password | runtime plaintext | passwords/sec plaintext | runtime SHA-256 | passwords/sec SHA-256 zzz | 1.18 seconds | 149,985 | 6.2 seconds | 28,564
Obviously, a skilled attacker would have a program that guesses more than 28,000 passwords/second at max speed. I tried using Bcrypt from OpenWall, but I couldn't find any good documentation on how to use it in my actual program!
Is there any way to slow down my hashing method, or should I use another way to hash in C++? If the latter, please let me know which resources you think could help me - I'm just starting out in cryptography and don't know much. Thanks!!!
I'm trying to generate HMAC of a message. The algo for HMAC generation is SHA256. The issue is i have a base64 encoded key(shared secret). How can i decode this secret to get the required hmac
var hmac = require('crypto').createHmac('SHA256', "SOME_BASE64_ENCODED_SHARED_SECRET").update("MESSAGE").digest('base64');
This hmac is sent to a java service. The way it does hmac generation is as follows:
Mac mac = Mac.getInstance("HmacSha256");SecretKey sharedKey = new SecretKeySpec(Base64.getDecoder().decode("SOME_BASE64_ENCODED_SHARED_SECRET"), "TlsPremasterSecret");mac.init(sharedKey);byte messageBytes = "MESSAGE".getBytes("UTF-8");byte expectedHmac = mac.doFinal(messageBytes);String hmac = Base64.getEncoder().encodeToString(expectedHmac));
Now, the HMACs generated by my nodejs code does not match with Java service code. How do i solve this problem?
I need to generate a HmacSHA256 signature using python with the following parameters to the signature:
merchantId = "testMerchantExample"apiHost = "apitest.example.com" apiUrl = "/v1/example?startDate=2019-07-01&organizationId=" + merchantId keyId = "KeyIdHere"keyString = "KeyStringHere"signatureParams = "host: "+apiHost+"\n" + "date: " + date + "\n" + "(request-target): get "+apiUrl+"\n" + "merchant-id: " + merchantId
These parameters need to then be passed into the function to generate the SHA256 signature.
I dont know how to do this in Python 2.7, I have seen some examples generating signatures etc. But none with these parameters. They use the following python libs:
import hmac import hashlib
Any help would be appreciated.
Here is code that I found online, it works and generated the signature correctly yay:
import hmacimport hashlib import binasciidef create_sha256_signature(key, message): byte_key = binascii.unhexlify(key) message = message.encode() return hmac.new(byte_key, message, hashlib.sha256).hexdigest().upper()
I am generating HMAC-SHA256 in Java. If the key is set to "" then The following exception is thrown:
java.lang.IllegalArgumentException: Empty key
CryptoJS.HmacSHA256("Sample Text", "") method in CryptoJS. In Java a space is also accepted as key but empty key is not accepted.
Is it possible to use empty key in Java?
I have a script in python that takes a salt and returns proof usingsha256.
import sysfrom hashlib import sha256def generate_proof(salt): secret_salt = SECRET + salt hexadecimal = secret_salt.decode('hex') proof = sha256(hexadecimal).hexdigest() return proof
I think my biggest problem is finding the sha256 equivalent library in JS.