sha1

New to JS, I'm also learning to use crypto libraries. I don't understand why signing/encoding the same message with the same secret yields differing results. I'm using jsSHA 1.3.1 found here , and CryptoJS 3.0.2 described here trying to create a base64 sha-1 encoded hmac signature. Here's the code: In html... <script src="lib/jsSHA/src/sha1.js"></script> <script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/hmac-sha1.js"></script> And in js... var message = "shah me"; var secret = "hide me"; var crypto = CryptoJS.HmacSHA1(message, secret).toString(CryptoJS.enc.Base64) + '='

Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1? Nick Johnson The security implications of HMAC are described in detail in the security section of the RFC . In a nutshell, a very strong attack indeed is required before the security of the HMAC is threatened; the existing collision attacks on SHA-1 certainly don't constitute such. HMAC is specifically designed to make attacks difficult, and ordinary collision attacks won't generally suffice: The security of the message authentication mechanism presented here depends on cryptographic properties of the hash

I'm planning on storing the passwords as a sha1, so I need a way to validate that it is a sha1 at another point in my website. I was planning on using preg_match, but I do not know how to make regex patterns. Could someone help me out with one? Thanks Edit: I am not trying to see if two hashes match. Actually, you can use preg_match() to make sure it's a 40 characters hexadecimal string as such: function is_sha1($str) { return (bool) preg_match('/^[0-9a-f]{40}$/i', $str); } To explain the pattern: / Opening Delimiter ^ Start Of String Anchor [0-9a-f] Any of the following characters:

Trying to determine how quickly a user would be warned of corruption in the object database with git-1.7.4.1, I pulled a one-bit switcheroo: $ git init repo Initialized empty Git repository in /tmp/repo/.git/ $ cd repo $ echo 'very important info' >critical $ git add critical $ git commit -m critical [master (root-commit) c4d6d90] critical 1 files changed, 1 insertions(+), 0 deletions(-) create mode 100644 critical $ git ls-tree HEAD 100644 blob 82d423c32c4bb2c52938088e0234db041bf4eaaf critical $ git show 82d423c32c4bb2c52938088e0234db041bf4eaaf very important info $ echo 'Very important info'

I would like to check for author's e-mail and name, surname to verify who's pushing to my repo. Is there any way that I can come up with a command in git to show commiter's name/e-mail given only SHA1 of the commit? This is what I came up with but it's far from ideal solution (the first solution is for git hook that's why it's using 2 SHA1s with rev-list . The second one simply uses git show ): git rev-list -n 1 --pretty=short ccd3970..6ddf170 | grep Author | cut -d ' ' -f2- | rev | cut -d ' ' -f2- | rev git show 6ddf170 | grep Author | cut -d ' ' -f2- | rev | cut -d ' ' -f2- | rev Igal S. You

Can you suggest me about how to encrypt string using SHA1 algorithm ? I've searched about it. But no luck. Thanks in advance. binnyb's convertToHex method is not working properly. A more correct one that works for me is: private static String convertToHex(byte[] data) { StringBuffer buf = new StringBuffer(); for (int i = 0; i < data.length; i++) { int halfbyte = (data[i] >>> 4) & 0x0F; int two_halfs = 0; do { if ((0 <= halfbyte) && (halfbyte <= 9)) { buf.append((char) ('0' + halfbyte)); } else { buf.append((char) ('a' + (halfbyte - 10))); } halfbyte = data[i] & 0x0F; } while(two_halfs++ < 1);