Implementation of PHP's HMAC_SHA1 algorithm

Source: Internet
Author: User
Tags hmac sha1 sha1 hash

Based on RFC 2316 (Report of the Iab,april 1998), HMAC (Hash message Authentication code: Hashed Message Authentication code) And IPSec is considered a key core protocol for interact security. Instead of a hash function, it takes a message authentication mechanism that uses the MD5 or SHA1 hash function with a shared secret key (unlike a public/private key pair). Basically, the message is combined with the key and runs the hash function. Then run the result with the key combination and run the hash function again. This 128-bit result is truncated to 96 bits and becomes a Mac.

HMAC is primarily applied in authentication, and it is used in this way:
1. The client makes a login request (assuming the browser's GET request)
2. The server returns a random value and logs the random value in the session
3. The client takes the random value as the key, the user's password for the HMAC operation, and then submits it to the server
4. The server reads the user's password in the user database and the random value sent in step 2 to do the same as the client's HMAC operation, and then compares with the results sent by the user, if the result is consistent, verify that the user is legitimate
In this process, it is possible that a security attack is a random value sent by the server and the result of the HMAC sent by the user, and the two values are meaningless for the hacker intercepting the two values, there is no possibility of acquiring the user's password, and the introduction of the random value makes the HMAC valid only in the current session. Security and usability are greatly enhanced. Most languages implement the HMAC algorithm, such as PHP mhash, Python hmac.py, Java MessageDigest class, the use of HMAC in Web authentication is also feasible, using JS to md5 the speed of the operation is relatively fast.

SHA

Secure Hash Algorithm SHA (Secure Hash algorithm) is the national Standards and Technology agency issued by the state standard FIPS PUB 180-1, commonly known as SHA-1. It produces a 160-bit message digest output for messages that do not exceed 2,642 bits in length, and the input is processed by 512-bit blocks.
SHA is a data encryption algorithm, which has been developed and improved by cryptographic experts for many years, and has now become one of the most secure hashing algorithms and is widely used. The idea of the algorithm is to receive a piece of plaintext, and then convert it into a paragraph (usually smaller) ciphertext in an irreversible way, or simply to take a string of input codes (called Pre-mapping or information) and convert them to shorter lengths, A fixed number of bits of output sequence is the process of hashing values (also known as information digests or information authentication codes). The hash function value can be said to be a "fingerprint" or "digest" of the plaintext, so the digital signature of the hash value can be regarded as the digital signature of this plaintext.

SHMAC_SHA1

HMAC_SHA1 (Hashed message authentication Code, Secure Hash algorithm) is a secure Message authentication protocol based on cryptographic hash function and shared key. It can effectively prevent the data from being intercepted and tampered with during transmission, and maintain the integrity, reliability and security of the data. The success of the HMAC_SHA1 message authentication mechanism lies in an encrypted hash function, an encrypted random key, and a secure key exchange mechanism.
HMAC_SHA1 is actually a hashing algorithm, but a hashing algorithm that uses a key to extract the digest value.
HMAC_SHA1 algorithm can be used in authentication and data integrity, and the network security is also well implemented.

Article Source: http://www.prcsc.com/info.aspx?m=20100803133543077665

comes with a PHP HMAC_SHA1 algorithm

12345678910111213141516171819202122232425262728293031323334353637383940
/** *@ Generate Oauth_signature signature values using the HMAC-SHA1 algorithm * *@param$key Key *@param$STR Source String * *@return Signature Value*/function get_signature($str,$key){$signature="";If(function_exists(' Hash_hmac ')){$signature=Base64_encode(Hash_hmac("SHA1",$str,$key,True));}Else{$blocksize=64;$hashfunc=' SHA1 ';If(strlen($key)≫$blocksize){$key=Pack(' H* ',$hashfunc($key));}$key=Str_pad($key,$blocksize,CHR(0x00));$ipad=str_repeat(CHR(0x36),$blocksize);$opad=str_repeat(CHR(0x5c),$blocksize);$hmac=Pack(' H* ',$hashfunc(($key ^$opad).Pack(' H* ',$hashfunc(($key ^ $ipad ) . $str ) ) ) )  $signature = base64_encode   ( $hmac ) }  return  $signature         

PHP's HMAC_SHA1 algorithm implementation

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.