What is the difference between an HMAC signature and hashing directly?

Just out of curiosity, really ... for example, in Python,

hashlib.sha1(b"key" + b"data").hexdigest() != hmac.new(b"key", b"data", hashlib.sha1).hexdigest()

Is there any logical difference between the two actions?

2 answers

hashlib.sha1 gives you just the hash of the content "keydata" that you pass as a parameter (note that you are simply concatenating the two strings). The hmac call gives you the keyed hash of the string "data", using the string "key" as the key and sha1 as the hash function. The main difference between the two calls is that the HMAC can only be reproduced if you know the key, so you also know something about who created the hmac. SHA1 can only be used to detect that the content has not changed.

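The difference discussed above, as an added example that is not part of the question or the answer: it builds HMAC-SHA1 by hand following RFC 2104, checks it against `hmac.new`, and compares both with the plain `sha1(key + data)` from the question. The function names are illustrative assumptions.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 processes input in 64-byte blocks


def naive_tag(key: bytes, data: bytes) -> str:
    """The question's first expression: SHA1(key || data)."""
    # Only the concatenated bytes are hashed, so the key/data boundary is lost.
    # A prefix hash like this is also open to length extension with SHA-1.
    return hashlib.sha1(key + data).hexdigest()


def manual_hmac_sha1(key: bytes, data: bytes) -> str:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || data))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()      # long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")      # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + data).digest()
    return hashlib.sha1(opad + inner).hexdigest()


def library_hmac(key: bytes, data: bytes) -> str:
    """The question's second expression, with the digest actually extracted."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def verify(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(library_hmac(key, data), tag_hex)


if __name__ == "__main__":
    key, data = b"key", b"data"  # constructed sample values from the question
    print("sha1(key+data):", naive_tag(key, data))
    print("hmac-sha1     :", library_hmac(key, data))
    print("manual == lib :", manual_hmac_sha1(key, data) == library_hmac(key, data))
    # Moving the boundary between key and data does not change the naive tag...
    print("naive collides:", naive_tag(b"key", b"data") == naive_tag(b"ke", b"ydata"))
    # ...but it does change the HMAC, because the key is processed separately.
    print("hmac collides :", library_hmac(b"key", b"data") == library_hmac(b"ke", b"ydata"))
    print("verify ok     :", verify(key, data, library_hmac(key, data)))
```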
