hmac

i am asking myself if it would be dangerous on a asp.net page´s codebehind to use an static (Shared) variable which holds an HMACSHA1-instance. the problem is that the same HMACSHA1-instance would be used by all the asp.net worker-process´ threads when processing multiple simultaneous requests on the same asp.net-page. all (HMACSHA1)instance- and ComputeHash()-method variables which are used/modified by ComputeHash() would be shared (= could be modified) by all the threads?! is that assumption correct? as a result the return value of ComputeHash would not be guaranteed to be correct?!?! thus i

Since SHA-3 seems to be an already known function (Keccak as the finalist of NIST hash function competition) I have several questions related to this topic: NIST site says that NIST is closed due to a lapse in government funding. Is there any chance that SHA-3 will ever be finally accepted? BouncyCastle library has an implementation of SHA-3 which digest results are the same as examples posted in wikipedia article (I tested this). Since the final standard is not approved, can this be trusted? Wikipedia says this is likely to be changed but how can it change as the final algorithm does not seem

I'm using Python 2.7 and am creating an HMAC using the hmac library. Python 3.3 includes a compare_digest() function that will compare two digests and resist timing attacks, but that's not available in 2.7. Prevailing advice is not to roll my own crypto, so are there any mature Python libraries that provide that functionality? PyCrypto does not appear to. For anyone finding this from search, if using Django, then you can also use the constant_time_compare function in django.utils.crypto . >>> from django.utils.crypto import constant_time_compare >>> constant_time_compare("foo", "bar") False >>

I am trying to replicate the following code in PHP , It is example code for an API I have to interface with (The API & Example code is in C# , My app is in PHP 5.3 ). I'm not a C# developer and so am having trouble doing this. // C# Code I am trying to replicate in PHP var apiTokenId = 1887; var apiToken = "E1024763-1234-5678-91E0-T32E4E7EB316"; // Used to authenticate our request by the API (which is in C#) var stringToSign = string.Empty; stringToSign += "POST"+"UserAgent"+"http://api.com/post"; // Here is the issue, How can I do the following 3 lines in PHP? // No "secret key" provided?..

I'm trying to quickly get a buggy .Net client library for a third party service I'm using to work. The original library (which works) is written in Ruby, but their equivalent library for DotNet produces differing hash output to the Ruby library. The Ruby encryption code is as follows: def self.encrypt_string(input_string) raise Recurly::ConfigurationError.new("Recurly gem not configured") unless Recurly.private_key.present? digest_key = ::Digest::SHA1.digest(Recurly.private_key) sha1_hash = ::OpenSSL::Digest::Digest.new("sha1") ::OpenSSL::HMAC.hexdigest(sha1_hash, digest_key, input_string.to_s

This question already has an answer here : PHP JWT Token Invalid Signature (1 answer) Closed 2 years ago . I am using JWT in my application for login authentication process. To generate the token I am using: Jwts.builder().setSubject(username).signWith(SignatureAlgorithm.HS512, MacProvider.generateKey()).compact(); Generated Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJlaG91c2VAZGV2ZXJldXgub3JnIn0.5SX-aU-p_RlfC3CZa-YXnQu_YR7RsG2Xfim3LOmlqxjAZrIyZiz0fYZwViHr113ms8TNvngcJcV07U4hK-RBZQ When I decode this token in jwt.io debugger it tells me an invalid Signature. I am not able to find the reason of this

This is a very basic question, but what is the difference between EVP and HMAC? EVP is a message digest, but how does that differ from what is generated by HMAC? ... what is the difference between EVP and HMAC EVP_* functions are a high level interface. HMAC_* , AES_* and friends are lower level primitives. You can work with either, but its recommended you work with the EVP_* functions. The HMAC_* routines are software based and don't use hardware. The EVP_* functions will allow you to easily swap in different hashes and the code essentially remains the same. And you will take advantage of