I discovered the Hash-based Message Authentication Code (HMAC) and how to use it with a SHA-256 hash for example.
I follow that link https://pycryptodome.readthedocs.io/en/latest/src/hash/hmac.html.
So I gave it a try and understood how to generate a HMAC, see the snippet below :
mySecret = b"....."
h = HMAC.new(mySecret, digestmod = SHA256)
h.update(b"hello")
print (h.hexdigest()) # 1bef439a8c4fe14770480ebe819cb2e7d5cd68ca4ccf4b3c1f248fc2a525b0a9
Everything is ok on this part.
Then I searched how I could do to reverse it and get mySecret back. And I must admit I have no ideas to make it.
It it possible to do it ?
Thanks.
Related
Seems simple enough, and there are plenty of examples but I just can't seem to get hashes that verify with werkzeug.security's check_password_hash in python.
private string Generate_Passwd_Hash()
{
string _password = "Password";
string _salt = "cXoZSGKkuGWIbVdr";
SHA256 MyHash = SHA256.Create();
byte[] hashable = System.Text.Encoding.UTF8.GetBytes(_salt + _password);
byte[] resulthash = MyHash.ComputeHash(hashable);
return "sha256$" + _salt + "$" + BitConverter.ToString(resulthash).Replace("-", "").ToLower();
}
this should generate;
sha256$cXoZSGKkuGWIbVdr$7f5d63e849f0a2c0c5c2bd6ae4e45ead2ac730c853a1ed3460e227c06c567f49
but doesn't.
EDIT
Reading through the python code for generate_password_hash and it has a default number of iterations of 260000. Which is probably what I'm missing.
I never used werkzeug but I tried to reproduce your probelem.
I had read the docs of werkzeug.security.generate_password_hash and realized it is used in password validation only, and not meant to be a universal hashing algorithm.
The document clearly says
Hash a password with the given method and salt with a string of the
given length. The format of the string returned includes the method
that was used so that check_password_hash() can check the hash.
hashlib.pbkdf2_hmac is the hashing algorithm werkzeug uses internally(from now on we call it underlying algorithm). and you don't need install it because it is in standard library.
The source code of check_password_hash shows it generates a random salt before calling underlying algorithm. The salt is to protect from attacks. And it is remembered by the werkzeug framework so that check_password_hash can use to validate later.
So to summarize:
werkzeug.security.generate_password_hash only guarantee that generated hash can be validated by check_password_hash, and no more. You simply cannot(or not supposed to) try to generate same hash by other libraries or languages.
If you really want to compare the hashing algorithm in python and C#, please post another question(or update this question) that compares underlying algorithm(hashlib.pbkdf2_hmac which allow specifying salt as parameter) with C# version. Note seems in C# there's no built in algorithm for pbkdf2, see Hash Password in C#? Bcrypt/PBKDF2.
Preamble:
I did search StackOverflow and I know someone had a question like mine, but now (a couple months after first seeing it), I could not find that answer again. I'm fully aware there is likely a duplicate, but for the life of me, I cannot find it in my searches.
The problem:
I have a cryptography module which generates a hashed password used for encrypting and decrypting secrets stored in a TinyDB database. All the functionality works except for decrypting the secret. The password is verifying correctly, so I know that isn't the issue. I am almost positive my issue is in getting the salt encoded properly in the decryption function.
Encryption code:
pas = use_password(args[0])
salt = urandom(16)
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),length=32,salt=salt,iterations=100000,)
sec = base64.b64encode(kdf.derive(bytes(pas,'utf-8')))
token = Fernet(sec).encrypt(bytes(key,'utf-8'))
salt = base64.b64encode(salt).decode('utf-8')
return token, salt
Decryption:
pas = use_password(pw)
***salt = base64.b64decode(salt)***
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),length=32,salt=salt,iterations=100000,)
sec = base64.b64encode(kdf.derive(bytes(pas,'utf-8')))
# BUG: Reported defects -#ctrenthem at 7/26/2021, 8:07:00 PM: cryptography.fernet.InvalidToken error
key = Fernet(sec).decrypt(bytes(token,'utf-8'))
return key # Returns a byte object which may need to be converted to a string.
What I tried:
I've already tried different variations of duplicating the salt encryption, but keep getting errors. Part of the problem is that base64.encode requires two "file objects" for input and output, and does not accept a string variable, which makes it unusable for my needs.
I could resolve this by creating a temp file, but that would be the worst solution because it involves
creating a new file in the filesystem with partially decrypted information, outside of RAM and the database, weakening the security of the whole system
Creates a new temp file, which is just a waste of system resources
Adds a whole lot more code just to implement something that I am positive can be implemented differently with one or two words.
Despite knowing that there is another solution, I cannot figure it out and am lost as to which base64 or bytes function will accomplish the job.
So, i'm writing a python program, actually my first "big" one, that, at a certain point, needs to generate an hmac with sha-512, from a message and a key.
Let's say i have:
key = 'ff'
seed = '238973:a665f3e641d9a402df3f9d5d9a236cb8061a2437ee47de8b3c8091774484b8b3:238973'
bkey = key.encode()
bseed = seed.encode()
string = hmac.new(bKey, bSeed, 'sha3_512')
digest = string.hexdigest()
print(str(digest))
>>>92b6c5ccc654c21838cb72e932de0feaf898398300e9755b2c91553c9db0bea99a5139055b5471142b299361c6ece4b51f2f26777a6f18f0db27775625e6948f
However when i go to https://www.freeformatter.com/hmac-generator.html#ad-output it gives me another result:
249667dabafbd3fa123b9749c6b23bc90c935e30e1372f26bbab2defa791fc915d60d406efe1b165befd4a1b6dc34fcf2f0975db08a7a2938964e99ea0419dcf
which i know for a fact to be the correct one, can somebody explain me why that is? I've been looking online for hours but it seems like i'm running in circles or i don't fully grasp how the hmac works.
I would greatly appreciate your help, it's the only bit i'm missing to finish this program.
sha3_512 is not the same implementation as sha512 - the first is based on SHA-3, while the second is based on the older SHA-2 standard. Use sha512 instead when creating your hmac to use the SHA-2 version:
>>> hmac.new(b'ff', b'238973:a665f3e641d9a402df3f9d5d9a236cb8061a2437ee47de8b3c8091774484b8b3:238973', hashlib.sha512).hexdigest()
'249667dabafbd3fa123b9749c6b23bc90c935e30e1372f26bbab2defa791fc915d60d406efe1b165befd4a1b6dc34fcf2f0975db08a7a2938964e99ea0419dcf'
I have to admit im very new to this so this might be a dumb question or I might be going around this completely the wrong way. Im trying to figure out the string to sign and Base64 HMAC signature. At this point I would like to verify that the code ive found works. Here it is:
import hashlib
import hmac
import base64
message = bytes("Message").encode('utf-8')
secret = bytes("secret").encode('utf-8')
signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
print(signature)
I had the impression that I could copy the (string to sign) off of the scratchpad and replace it with "Message" and then paste in my secret key for "secret". However my output doesnt match amazon scratchpads signature. Can someone point out the error in my ways?
I'm following the directions on the API documentation precisely, and after some frustration I finally put together something directly from their examples on http://docs.amazonwebservices.com/AWSECommerceService/2011-08-01/DG/rest-signature.html
I've tried this python script on a few machines and have gotten the same result on all of them.
import hmac
from base64 import b64encode
from hashlib import sha256
secret_key = '1234567890'
to_sign = """GET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=AKIAI44QH8DHBEXAMPLE&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-06"""
print b64encode(hmac.new(secret_key, to_sign, sha256).digest())
The instructions say that the signature using this request, and this key, is Nace+U3Az4OhN7tISqgs1vdLBHBEijWcBeCqL5xN9xg= but I get O6UTkH+m4zAQUvB+WXUZJeA8bZcKAdkc4crKgHtbc6s=
(Before anyone says anything: The example page displays the requests wrapped at 65 characters; I've already tried it. This doesn't provide a solution, and is not stated in the instructions for signature creation.)
EDIT: I found the answer, see below.
Well, look at that... The docs were wrong.
I stumbled on an old (nearly) duplicate of this question: Calculating a SHA hash with a string + secret key in python
It looks like the AWSAccessKeyId value changed from 00000000000000000000 to AKIAI44QH8DHBEXAMPLE in the example requests page.
Updating this in the script prints the expected key, Nace+U3Az4OhN7tISqgs1vdLBHBEijWcBeCqL5xN9xg=
import hmac
from base64 import b64encode
from hashlib import sha256
secret_key = '1234567890'
to_sign = """GET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=00000000000000000000&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-06"""
print b64encode(hmac.new(secret_key, to_sign, sha256).digest())
You might check out the Bottlenose library, https://github.com/dlo/bottlenose, I have found that it makes dealing with AWS Product API much more friendly.