dan*_*iel 2 cryptography rfc rfc-4226
RFC的测试值指定:
Appendix D - HOTP Algorithm: Test Values
The following test data uses the ASCII string
"12345678901234567890" for the secret:
Secret = 0x3132333435363738393031323334353637383930
Table 1 details for each count, the intermediate HMAC value.
Count Hexadecimal HMAC-SHA-1(secret, count)
0 cc93cf18508d94934c64b65d8ba7667fb7cde4b0
1 75a48a19d4cbe100644e8ac1397eea747a2d33ab
因此,如果我尝试在红宝石中获得0的HMAC,我会得到:
[20] pry(AuthyOTP)> secret_key = "12345678901234567890"
=> "12345678901234567890"
[22] pry(AuthyOTP)> OpenSSL::HMAC.hexdigest(digest, secret_key, "0")
=> "32a67f374525d32d0ce13e3db42b5b4a3f370cce"
我原本应该得到 cc93cf18508d94934c64b65d8ba7667fb7cde4b0
所以我在java中编写了一个实现,我得到了同样的结果:
Calculation OTP for movingFactor = 0
2. Calculate Hash =
32a67f374525d32d0ce13e3db42b5b4a3f370cce
那么当秘密是"12345678901234567890"时,什么是"0"的十六进制SHA1-HMAC?
RFC4226是正确的.
您将字符串与字节混淆.你不是想计算'0'的hmac-sha1,你应该计算一个从0开始的8字节整数的hmac-sha1.在java中,那将是hmac-sha1的byte [] counter = {0, 0, 0, 0, 0, 0, 0, 0};
| 归档时间: |
|
| 查看次数: |
602 次 |
| 最近记录: |