
SHA1 hash clarification

I have the following python code:

from hashlib import sha1
secretString=b"this is the secret string"
publicData=b"x10291434"
hash=sha1(publicData+secretString).hexdigest()

Now if I send out the publicData and hash for public consumption, is this safe? I want to check that when the user provides the publicData back it matches the hash I originally sent with my secretKey.

I just wanted to check that I'm doing this correctly

It looks like you are trying to do HMAC.

You should try using something like itsdangerous:

>>> from itsdangerous import Signer
>>> s = Signer('secret-key')
>>> s.sign('my string')
'my string.wh6tMHxLgJqB6oY1uT73iMlyrOA'
>>> s.unsign('my string.wh6tMHxLgJqB6oY1uT73iMlyrOA')
'my string'

Well, SHA-1 isn't considered a safe hashing algorithm, so no, it isn't safe.

SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use,[4] and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.[5][6][7] Microsoft,[8] Google,[9] Apple[10] and Mozilla[11][12][13] have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

source: https://en.wikipedia.org/wiki/SHA-1

more reading: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
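
The keyed-hash check the answers point to, as an added example that is not part of the original posts: it uses Python's standard-library `hmac` module with SHA-256 in place of `sha1(publicData+secretString)`. The key and data reuse the question's values as constructed samples, and the function names `make_tag` and `verify_tag` are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values mirroring the question's variables.
SECRET_KEY = b"this is the secret string"
PUBLIC_DATA = b"x10291434"


def make_tag(key: bytes, public_data: bytes) -> str:
    """Return a hex HMAC-SHA256 tag that binds public_data to key.

    HMAC mixes the key in through two nested hash calls, so it does not
    inherit the weaknesses of plain hash(data + key) or hash(key + data).
    """
    return hmac.new(key, public_data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, public_data: bytes, tag: str) -> bool:
    """Recompute the tag for the returned data and compare in constant time.

    compare_digest avoids leaking, through timing, how many leading
    characters of a guessed tag were correct. It raises TypeError for
    non-ASCII or mixed-type input, which is treated here as a failed check.
    """
    expected = make_tag(key, public_data)
    try:
        return hmac.compare_digest(expected, tag)
    except TypeError:
        return False


if __name__ == "__main__":
    tag = make_tag(SECRET_KEY, PUBLIC_DATA)
    print("sent to user:", PUBLIC_DATA, tag)

    # The user returns the data and tag unchanged: accepted.
    print("unchanged:", verify_tag(SECRET_KEY, PUBLIC_DATA, tag))

    # The user alters the data but keeps the old tag: rejected.
    print("tampered :", verify_tag(SECRET_KEY, b"x10291435", tag))
```
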
