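HMAC length extension attack in Python

Time: 2016-04-11 08:46:08

Tags: python security cryptography hmac

I am a student, and I am trying to perform a length extension attack on the following poorly implemented Python HMAC code

I was given the following fake log message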

    megaBlockSize=128
    def strToNum(inp):
        """Takes a sequence of bytes and makes a number"""
        out=0
        for i in inp:
            out=out<<8
            out^=ord(i)
        return out

    def numToStr(inp):
        """Take a number and make a sequence of bytes in a string"""
        out=""
        while inp!=0:
            out=chr(inp & 255)+out
            inp=inp>>8
        return out

    def cueh_hash_2(inp, blockSize):
        """ CUEH Hash Function v 2.0 
        Returns given-length hash of any string input or stringable input
        Uses given number of bits, must be multiple of 8
        """
        if blockSize%8!=0 or blockSize<=0:
            raise Exception("Block size must be a multiple of 8")
        inp=str(inp) #Make sure we have a string
        while (len(inp)%(blockSize/8)!=0):
            inp=" "+inp #Pad it if we need to
        val=0<<blockSize #Our accumulator
        for pos in range(0,len(inp),blockSize/8): #Now in blocks of the right size...
            for pos2 in range(blockSize/8):
                tval=ord(inp[pos2+pos])
                tval=tval<<(blockSize-pos2*8)
                val=val^tval
        return val

    def cueh_hmac_2(key, message, blockSize):
        """Outputs a hash-based digest of the message and secret key combo"""
        key=str(key)
        message=str(message)
        if len(key)>blockSize/8:
            key=numToStr(cueh_hash_2(key,blockSize)) #Keys are shortened to blocksize
        while len(key)<blockSize/8:
            key+="#" #Keys are padded with "#" if they're too short
        return cueh_hash_2(key+message,blockSize)


    def main():
        print "Testing hash: %06x"%cueh_hash_2("ABC\0\0\0",megaBlockSize)

        #Examples of flipping between numbers and strings of bytes
        #Just makes it easier to have "password" style keys
        print "%x"%strToNum("ABC")
        print numToStr((65<<16) + (66<<8) + 67)

        #Now to see it in practice
        secretKey="sswrodfishez"  #This is known by both parties
        authedMessage="ssdsdsdsdsd"


        out=cueh_hmac_2(secretKey,authedMessage, megaBlockSize)
        #Now we have the special verification code that can be used to
        #prove we were the author of the message. Anyone else who knows
        #the secret can do the same and compare the values
        dispString="0x%%0%dx|%%s"%(megaBlockSize/16)
        print dispString%(out, authedMessage)

    if __name__ == '__main__':
        main()

and I want to add something like "and install linux" or similar to the end of the code.

    $validPath = 'valid-path-inside-local-storage';
    $mimeType = Storage::mimeType($validPath);
    $file = Storage::disk(env('STORAGE_TO_USE','local'))->get($validPath);
    return (new Response($file, 200))
        ->header('Content-Type', $mimeType);

I have wasted a lot of time on this.

Any help is appreciated.

See Format Specification Mini-Language
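Why the `cueh_hmac_2` tag above does not authenticate the message, next to the standard-library HMAC that does. This is an added example, not part of the original post: it is a Python 3 port of the question's hash restricted to keys of at most one block, and `tag_without_key`, `sign`, `verify` and the `EXT` value are names and data assumed for illustration.

```python
import hashlib
import hmac

BITS = 128  # megaBlockSize on the page


def cueh_hash_2(data: bytes, bits: int = BITS) -> int:
    """Python 3 port of the page's hash: left-pad with spaces, XOR all blocks."""
    n = bits // 8
    data = b" " * (-len(data) % n) + data
    val = 0
    for pos in range(0, len(data), n):
        for i in range(n):
            val ^= data[pos + i] << (bits - i * 8)
    return val


def cueh_hmac_2(key: bytes, message: bytes, bits: int = BITS) -> int:
    """Port of the page's MAC, restricted to keys of at most one block."""
    if len(key) > bits // 8:
        raise ValueError("this port only handles keys up to one block")
    return cueh_hash_2(key.ljust(bits // 8, b"#") + message, bits)


def tag_without_key(tag: int, extension: bytes, bits: int = BITS) -> int:
    """Tag of message + extension derived from the old tag alone.

    Holds when len(extension) is a multiple of the block size, so the left
    padding and the alignment of the already-hashed blocks do not change.
    """
    if len(extension) % (bits // 8):
        raise ValueError("extension must be a whole number of blocks")
    return tag ^ cueh_hash_2(extension, bits)


def sign(key: bytes, message: bytes) -> bytes:
    """Keyed tag from the standard library: HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the expected and the presented tag."""
    return hmac.compare_digest(sign(key, message), tag)


KEY, MSG = b"sswrodfishez", b"ssdsdsdsdsd"   # values from the page's main()
EXT = b" and install linux".ljust(32)        # constructed: two full blocks
```

Because the hash is a plain XOR of blocks, the key cancels out of the difference between two tags; with `hmac.new` the old tag says nothing about the tag of a longer message.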

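1 answer:

Answer 0: (score: 0)

I'm sorry to say that your question is still unclear so far. You seem to have a cryptography problem, but you are asking to append a string to the end of another string.

At the risk of oversimplifying your need, if that is the case, why is the following code not sufficient for you:

    str1 = "581b464951404558504f071e7359100d00|Delete all files on c: and d: and e: "
    str2 = "and install linux"
    str3 = str1 + str2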