No announcement yet.

Comments re Dynamic HMAC in Source Code forum

  • Filter
  • Time
  • Show
Clear All
new posts

  • Comments re Dynamic HMAC in Source Code forum

    Any comments would be appreciated but I am not that au fait with substitution boxes. If any of you have time and the inclination, , perhaps you could suggest something a bit stronger than that proposed.


  • #2
    Give me a while to fully wake up, and I'll look more closely at your posted code, and also drop it into my editor and compile it. But you shouldn't expect any significant comments from me, as I ain't exactly 'knowledgeable' about public security stuff.


    • #3
      OK, I dropped your source code into my editor and compiled it and ran it. When I saw what the anticipated results were, I started analyzing. In a nutshell, I'm going to need to be mentally alert before trying to follow this stuff. Your code is well-written, but my mind is unusually groggy in this overnight for some reason, even though I recently woke up from a long sleep. Maybe in another day or so I can give some helpful, constructive feedback.


      • #4
        Thanks Clay.

        I've just made a correction in Source Code.

        'IF hProv = 0 THEN GOTO TidyUp REMOVE Ported from another app where other tidying was done
        If hProv = 0 Then Exit Function

        This occurred three times. GetASessionKey was written for this code and I didn't make the same mistake.

        hProv will probably never <> 0 but it was a needed correction all the same.


        • #5
          Be careful about those "Fogg-Bombs" the night before

          Sorry had to razz.

          Didn't mean to hijack, but Dave since you have some understanding of HMAC (if I understand correctly is using hashes) I am a lil' bit interested, but really no clue how hashes really work or why?
          Engineer's Motto: If it aint broke take it apart and fix it

          "If at 1st you don't succeed... call it version 1.0"

          "Half of Programming is coding"....."The other 90% is DEBUGGING"

          "Document my code????" .... "WHYYY??? do you think they call it CODE? "


          • #6
            Some folk knock Wikipedia but these two entries are not bad.

            Cryptographic hash function


            • #7
              I'm sorry, David, I forgot about this thread. I will try to do my looking-through of your d-hmac code this very evening.


              • #8

                I am in a brief lull between private life stuff, and I's wondering if you know of a software where I can check my implementation of your code against the standard? Nothing against your code at all, I just like to rewrite code I download so it fits into my own iconoclastic way of doing things. I have not yet converted your code, and do not know for a fact that I can, but I've got the chance to do so tonight.


                • #9
                  Hi Clay

                  There is no software and no standard so no test vectors. This is research and I've no idea whether NIST or ISO are looking at it yet. The only code on the Internet is in our Source Code forum.

                  The paper is available from the 3rd reference in my first post of the Source Code entry but it is not free ($35). I got the OK to use the algorithm from one of the authors. I described it in the preamble rather than Copy and Paste as the paper itself is copyrighted by IEEE.


                  • #10
                    OK, thanks, David. I will bide my time, then, and see what becomes of the "standard."