Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Authentication with HMAC SHA256 (or MD5) hash
See original GitHub issueIs your feature request related to a problem? Please describe. I want a shortcut to make some very personal stuff, so it has to be guaranteed secure. The only way I see how to implement it is to use HMAC SHA256 (or MD5) hash based authentication procedure, like most of crypto-exchanges do. The goal is to have a at least one secret key which is never-ever-ever sent but affects any outgoing request. So it will make requests invulnerable to attack MITM.
Describe the solution you’d like Example implementation:
- user provides a pair of keys, f.e.
{ api_key, passphrase } API-KEYheader is set withapi_keyvalueAPI-EXPIRESheader is set on request, f.e. 10 seconds from now in some format. request would be rejected if it will be processed after that time.API-SIGNATUREheader is set with kindahex(HMAC(passphrase).SHA256(api_key + expires + request.method + request.path + data))
Describe alternatives you’ve considered
The alternative solution is to add MD5 and/or SHA256 hashing methods to the scripting engine.
Additional context HMAC on Wikipedia Detailed description of this method
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
In the upcoming version 2.3.0, I’m adding the
hmacfunction, which can be used to compute the HMAC of a given message through scripting, e.g.hmac('sha-256', 'my-key', 'my message')That is awesome! Thank you!