On Wed, Dec 30, 2015 at 11:30 AM, Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:
// Form the MD5 hash using the transaction key

Jon, is that your comment, or theirs (Payeezy's)?

The reason I ask is that if it's their comment, then it's no wonder
Jack was a little confused. If it's your comment, well, I'll
respectfully suggest changing it to read "HMAC-MD5" instead of simply
"MD5", to reduce the chance for confusion among people who are reading
that code later.

As Tim and Kevin said, they're not the same thing. HMAC is a method of
constructing a hash from repeated application of some other (take your
pick) basic hash function. In Jack's and your case, the basic hash
function is MD5, but the HMAC method works with various others, as you
probably gathered from the fact that "hash algorithm" is a parameter
in any generalized HMAC function, like both PHP's hash_hmac and IBM's
Qc3CalculateHMAC.

In simplistic terms, HMAC involves first prepending the key to the
message and hashing that (using your chosen algorithm) to get an
intermediate result; then prepending the key to the intermediate
result and hashing that (using your chosen algorithm) to get the final
result.

There are other technical details which make it at best annoying to
implement HMAC yourself, and at worst, you'll get it wrong (very, very
easy to do). So it's no wonder HMAC is usually provided as a
pre-implemented function or API.

John Y.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].