Practical Cryptography for Developers
master-zh
master-zh
  • Welcome
  • 前言
  • 密码学——概述
  • 哈希函数
    • 加密哈希和碰撞
    • 哈希函数:应用场景
    • 安全哈希算法
    • 哈希函数——示例
    • 练习:计算哈希值
    • 工作量证明(Proof-of-Work)哈希函数
  • MAC 和密钥派生
    • HMAC 与密钥派生
    • HMAC 计算——示例
    • 练习:计算 HMAC
    • KDF: Deriving Key from Password
    • PBKDF2
    • Modern Key Derivation Functions
    • Scrypt
    • Bcrypt
    • Linux crypt()
    • Argon2
    • Secure Password Storage
    • Exercises: Password Encryption
  • Secure Random Generators
    • Pseudo-Random Numbers - Examples
    • Secure Random Generators (CSPRNG)
    • Exercises: Pseudo-Random Generator
  • Key Exchange and DHKE
    • Diffie–Hellman Key Exchange
    • DHKE - Examples
    • Exercises: DHKE Key Exchange
  • Encryption: Symmetric and Asymmetric
  • Symmetric Key Ciphers
    • Cipher Block Modes
    • Popular Symmetric Algorithms
    • The AES Cipher - Concepts
    • AES Encrypt / Decrypt - Examples
    • Ethereum Wallet Encryption
    • Exercises: AES Encrypt / Decrypt
    • ChaCha20-Poly1305
    • Exercises: ChaCha20-Poly1305
  • Asymmetric Key Ciphers
    • The RSA Cryptosystem - Concepts
    • RSA Encrypt / Decrypt - Examples
    • Exercises: RSA Encrypt / Decrypt
    • Elliptic Curve Cryptography (ECC)
    • ECDH Key Exchange
    • ECDH Key Exchange - Examples
    • Exercises: ECDH Key Exchange
    • ECC Encryption / Decryption
    • ECIES Hybrid Encryption Scheme
    • ECIES Encryption - Example
    • Exercises: ECIES Encrypt / Decrypt
  • Digital Signatures
    • RSA Signatures
    • RSA: Sign / Verify - Examples
    • Exercises: RSA Sign and Verify
    • ECDSA: Elliptic Curve Signatures
    • ECDSA: Sign / Verify - Examples
    • Exercises: ECDSA Sign and Verify
    • EdDSA and Ed25519
    • EdDSA: Sign / Verify - Examples
    • Exercises: EdDSA Sign and Verify
  • Quantum-Safe Cryptography
    • Quantum-Safe Signatures - Example
    • Quantum-Safe Key Exchange - Example
    • Quantum-Safe Asymmetric Encryption - Example
  • More Cryptographic Concepts
    • Digital Certificates - Example
    • TLS - Example
    • One-Time Passwords (OTP) - Example
  • Crypto Libraries for Developers
    • JavaScript Crypto Libraries
    • Python Crypto Libraries
    • C# Crypto Libraries
    • Java Crypto Libraries
  • Conclusion
Powered by GitBook
On this page
  • 什么是 HMAC?
  • 密钥派生函数(KDF)
  • HMAC 计算——示例

Was this helpful?

  1. MAC 和密钥派生

HMAC 与密钥派生

PreviousMAC 和密钥派生NextHMAC 计算——示例

Last updated 5 years ago

Was this helpful?

Simply calculating hash_func(key + msg) to obtain a MAC (message authentication code) is considered insecure (see the ). It is recommended to use the HMAC algorithm instead, e.g. HMAC-SHA256 or HMAC-SHA3-512 or other secure MAC algorithm.

简单地计算 hash_func(key+msg)以获得 MAC(消息认证码)被认为是不安全的(请参阅)。建议改用 HMAC 算法,例如 HMAC-SHA256 或 HMAC-SHA3-512 或其他安全 MAC 算法。

什么是 HMAC?

= Hash-based Message Authentication Code (MAC code, calculated using a cryptographic hash function):

= Hash-based Message Authentication Code(MAC 码,使用加密哈希函数计算):

HMAC(key, msg, hash_func) -> hash

The results MAC code is a message hash mixed with a secret key. It has the cryptographic properties of hashes: irreversible, collision resistant, etc.

结果 MAC 码是一个混合了密钥的消息哈希。它具有哈希的加密特性:不可逆、抗碰撞等。

The hash_func can be any cryptographic hash function like SHA-256, SHA-512, RIPEMD-160, SHA3-256 or BLAKE2s.

hash_func 可以是任何加密哈希函数,例如 SHA-256, SHA-512, RIPEMD-160, SHA3-256 或 BLAKE2s。

HMAC is used for message authenticity, message integrity and sometimes for key derivation.

HMAC 用于验证消息真实性,消息完整性,有时还用于密钥派生。

密钥派生函数(KDF)

Key derivation function (KDF) is a function which transforms a variable-length password to fixed-length key (sequence of bits):

密钥派生函数(Key Derivation Functions, KDF)是将可变长度密码转换为固定长度密钥(位序列)的函数:

function(password) -> key

As very simple KDF function, we can use SHA256: just hash the password. Don't do this, because it is insecure. Simple hashes are vulnerable to dictionary attacks.

作为非常简单的 KDF 函数,我们可以使用 SHA256:仅对密码进行哈希处理。不要这样做,因为它是不安全的。简单的哈希很容易受到字典攻击。

As more complicated KDF function, you can derive a password by calculating HMAC(salt, msg, SHA256) using some random value called "salt", which is stored along with the derived key and used later to derive the same key again from the password.

作为更复杂的 KDF 函数,我们可以通过使用一些称为“盐”的随机值来计算 HMAC(salt,msg,SHA256)来派生密钥,该随机值与派生密钥一起存储,用于以后再次从密码中派生相同的密钥。

HMAC 计算——示例

Play with calculating HMAC('sample message', '12345', 'SHA256'):

尝试计算 HMAC('sample message', '12345', 'SHA256'):

HMAC('sample message', '12345', 'SHA256') =
  'ee40ca7bc90df844d2f5b5667b27361a2350fad99352d8a6ce061c69e41e5d32'

Try the above example yourself.

可自行尝试如上示例代码。

Using HKDF (HMAC-based key derivation) for key derivation is less secure than modern KDFs, so experts recommend using stronger key derivation functions like , , and . We shall discuss all these KDF functions later.

与现代 KDF 函数相比,使用 HKDF(基于 HMAC 的密钥派生)进行密钥派生的安全性较低,因此专家建议使用更强大的密钥派生函数,例如 , , 和 。稍后我们将讨论这些 KDF 函数。

To get a better idea of HMAC and how it is calculated, try this online tool:

要更好地了解 HMAC 及其计算方式,请尝试此在线工具:

details
详细信息
HMAC
HMAC
PBKDF2
Bcrypt
Scrypt
Argon2
PBKDF2
Bcrypt
Scrypt
Argon2
https://www.freeformatter.com/hmac-generator.html
https://www.freeformatter.com/hmac-generator.html