Popular Post Danyfirex Posted December 9, 2017 Popular Post Posted December 9, 2017 (edited) Hello guys. Here is a small function to create a hash hmac similar to hash_hmac PHP function. Supported are: SHA512,SHA256,SHA1,SHA384,MD5 and RIPEMD160. Local $sSecret = "SecretKey" Local $sMessage = "AutoIt Rocks!!!" ConsoleWrite("HMAC-SHA256: " & @TAB & @TAB & _HashHMAC("SHA512", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA256: " & @TAB & @TAB & _HashHMAC("SHA256", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA1: " & @TAB & @TAB & _HashHMAC("SHA1", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA384: " & @TAB & @TAB & _HashHMAC("SHA384", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-MD5: " & @TAB & @TAB & _HashHMAC("MD5", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-RIPEMD160: " & @TAB & _HashHMAC("RIPEMD160", $sMessage, $sSecret) & @CRLF) Func _HashHMAC($sAlgorithm, $bData, $bKey, $bRaw_Output = False) Local $oHashHMACErrorHandler = ObjEvent("AutoIt.Error", "_HashHMACErrorHandler") Local $oHMAC = ObjCreate("System.Security.Cryptography.HMAC" & $sAlgorithm) If @error Then SetError(1, 0, "") $oHMAC.key = Binary($bKey) Local $bHash = $oHMAC.ComputeHash_2(Binary($bData)) Return SetError(0, 0, $bRaw_Output ? $bHash : StringLower(StringMid($bHash, 3))) EndFunc ;==>_HashHMAC Func _HashHMACErrorHandler($oError) ;Dummy Error Handler EndFunc ;==>_HashHMACErrorHandler It requires .NET Framework 2.0 or higher. Saludos Edited December 9, 2017 by Danyfirex Decibel, Gianni, faldo and 3 others 5 1 Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
argumentum Posted December 10, 2017 Posted December 10, 2017 (edited) I asked myself ( google really ), what's the difference and/or use of this vs. a regular hash. from https://crypto.stackexchange.com/questions/6493/what-is-the-difference-between-a-hmac-and-a-hash-of-data --------------------------- TL;DR, an HMAC is a keyed hash of data. A good cryptographic hash function provides one important property: collision resistance. It should be impractical to find two messages that result in the same digest. An HMAC also provides collision resistance. But it also provides unforgeability. In order to generate an HMAC, one requires a key. If you only share this key with trusted parties, given an HMAC signature, you can be confident that only one of the trusted parties could have generated that signature. Due to common properties of hash functions, an HMAC is not as simple as hashing the data appended to the key. This construct is vulnerable to length-extension attacks where an attacker can take a message and its HMAC signature, and use this to construct a longer message with a valid signature (thus breaking the guarantee of unforgeability). --------------------------- Put simply, if you're using a simple hash of a file to guarantee file-integrity, then an attacker could modify the file, re-calculate the hash of the modified file, and replace the old hash with the modified one. With a HMAC, a key is used when calculating the hash value, so unless the attacker has the key, they're unable to calculate a valid hash value of the modified data. So now I know. Thanks for sharing PS: so, what would be the function to hash files @Danyfirex ? Edited December 10, 2017 by argumentum add a question Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting.
Danyfirex Posted December 10, 2017 Author Posted December 10, 2017 Hello. I really dont know too much about hashing files. I usally use this for Web API. I think you're talking about something like this. I'll check deeply later. Saludos Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
argumentum Posted December 10, 2017 Posted December 10, 2017 no need to look too deep for my question. In any case, a salted hash, of the file's hash as string, would do just fine for the purpose. I have no need for this implementation. I was just curious about it. Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting.
Vovsla Posted June 8, 2018 Posted June 8, 2018 When i use function above, i get result HMAC-SHA512: 42b39eb438b98554dd4512170bb521bb8f736b778d306e77f61983d052f2cd5ea471f3c20d1e3c759174ca7c7fe00508dad78b30b559f22c6685aa6129ff5d71 HMAC-SHA256: 11b75d845a07fc5c0a6cc3dbdb9c5c53d3034129e3394f56a2f16649b61a5c54 HMAC-SHA1: 4ed7ba3c4e31298d5b7f6e8bfd78da2a7448db61 HMAC-SHA384: a867fed954c4930b949ac1c0aedddaa3b317b96d8dade84e98d2d7221a11322b4c0c7ec0a5dacc019b7a414c209c3dee HMAC-MD5: 528e95c677558a6533ef3133f181ae52 HMAC-RIPEMD160: 3570f66d68160bd89fa73965aa0a3e5819e92470 When i use python i get another result import hmac, hashlib API_SECRET = b'SecretKey' URL = b'AutoIt Rocks!!!' Sign = hmac.new(API_SECRET, URL, hashlib.sha512).digest() print(Sign) b'B\xb3\x9e\xb48\xb9\x85T\xddE\x12\x17\x0b\xb5!\xbb\x8fskw\x8d0nw\xf6\x19\x83\xd0R\xf2\xcd^\xa4q\xf3\xc2\r\x1e<u\x91t\xca|\x7f\xe0\x05\x08\xda\xd7\x8b0\xb5Y\xf2,f\x85\xaaa)\xff]q' Why results so different? How i can get the same result with autoit?
Danyfirex Posted June 9, 2018 Author Posted June 9, 2018 I got same result with this: import hmac, hashlib API_SECRET = b'SecretKey' URL = b'AutoIt Rocks!!!' Sign = hmac.new(API_SECRET, URL, hashlib.sha512).hexdigest() print((Sign)) Saludos Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
oceanwind Posted December 25, 2021 Posted December 25, 2021 On 6/9/2018 at 10:54 PM, Danyfirex said: I got same result with this: import hmac, hashlib API_SECRET = b'SecretKey' URL = b'AutoIt Rocks!!!' Sign = hmac.new(API_SECRET, URL, hashlib.sha512).hexdigest() print((Sign)) Saludos Can you help to modify your code to match python digest() version not the hexdigest() version?
jchd Posted December 26, 2021 Posted December 26, 2021 (edited) See the answer in the new thread you posted. Edited December 26, 2021 by jchd This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe hereRegExp tutorial: enough to get startedPCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta. SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now