Questions tagged [hmac]
The hmac tag has no summary.
11 questions
11
votes
6
answers
4k
views
Is CRC pointless if I'm doing truncated HMAC?
I am currently designing a communication protocol for an embedded system. I've decided that authentication (but not encryption) is important, so I decided to add 4 bytes of truncated HMAC signature to ...
- 2,099
1
vote
1
answer
575
views
HTTP(S) API authentication: why not many services require signing (HMAC)?
I am currently researching existing authentication/authorization solution that are used for REST APIs. More specifically I'm interested in backend-to-backend interactions but client-to-backend is ...
- 171
-1
votes
1
answer
156
views
How to secure my browser application against malicious requests?
I'm working on an application which can be added to third party websites. This means that this app runs in the browsers of the users of a third party and I don't have control over what runs in their ...
- 115
0
votes
1
answer
180
views
Using browsers to monitor changes in e-commerce pages
I've been looking at ways to monitor for changes in things like price and availability on e-commerce sites via visiting browsers, with three constraints:
the sites often don't have much ongoing ...
- 630
3
votes
1
answer
895
views
Securing a REST API based on authentication with external site
I have a website with an already-established authentication system. Once a user logs on to it, one of the features is a statistics application based on AngularJS.
The app communicates with an ...
- 31
1
vote
0
answers
173
views
'HMAC style' design example for a shared secret
I'm looking to secure an API based on a shared key and a given username and datetime. The API gives access to trusted third parties and does not require the input from a user in order to access their ...
- 151
20
votes
2
answers
19k
views
REST API security: HMAC/key hashing vs JWT
I just read this article that is a few years old but describes a clever way of securing your REST APIs. Essentially:
Each client has a unique public/private key pair
Only the client and the server ...
- 4,970
-1
votes
1
answer
37
views
Requesting Advice Regarding Storing Encryption Keys
I am using HMAC to hash some data before inserting it in a database and currently I have my key as a static field.
Just wondering what the best practice regarding storing the key would be. Is having ...
user144154
1
vote
0
answers
574
views
Validating time-limited HMACs
I'm exploring using HMAC style secret-key authentication with timestamp expiry, but am struggling to get my head around how you validate the timestamp portion.
On the client side you would do:
...
- 111
1
vote
1
answer
686
views
Are python's cryptographic modules good enough?
I mean, say you were writing professional grade software that would involve sensitive client information. (Take this in the context of me being an amateur programmer.)
Would you use hlib and hmac? ...
- 1,124
1
vote
1
answer
700
views
Using a random string to authenticate HMAC?
I am designing a simple webservice and want to use HMAC for authentication to the service.
For the purpose of this question we have:
a web service at example.com
a secret key shared between a user ...
- 800