Hacker News new | past | comments | ask | show | jobs | submit login

Tl;dr: Use HMAC for Hash-based Message Authentication Codes and hash functions for hash functions. Don't use them the other way around.

PS, maybe more developers should take an intro course on crypto.




+ don't compare secret strings in a manner that makes it possible to draw conclusions about the position of the inequality.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: