[tor-dev] Hmac

Jesse V kernelcorn at riseup.net
Sat Sep 10 00:24:09 UTC 2016

On 09/09/2016 07:28 PM, Flipchan wrote:
> Hi all, so i spook with a friend of mine yesterday and we where chating
> about encryption and i told him that i use scrypt for password hashing.
> He told that hmac was alot better.
> Does anyone know any Good whitepapers on hmac? Any Good python lib? Does
> anyone use it ?

The important thing here is that in this context, both scrypt and HMAC
receive two values: a password and a salt. This provides a defense
against rainbow tables if your database is compromised. It also avoid
leaking whether two users have the same password. The idea is to store
the username, salt, and hashed password in the database.

Scrypt is useful because it's memory-hard, which means that it better
resists hardware attacks since the scrypt operation requires precious
RAM. HMAC is useful because it isn't safe to compute SHA2(salt +
password) due to the Length Extension Attack against MD5, SHA1, and
SHA2, but this doesn't necessarily apply in this context. When you say
"HMAC", I assume that your friend means HMAC_SHA256.

HMAC_SHA256 is very common for storing passwords and there are many
papers, libraries, and other resources on it. I would start with the
Wikipedia article on HMAC and go from there. If you really want to dig
into the topic, look into Argon2.

Jesse V

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 534 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160909/3a077d37/attachment.sig>

More information about the tor-dev mailing list