About SHA-256 source code

You know the value 15.

I send you the challenge 47.

You respond with 15+47 = 62.

The only way you could have responded with 62 is if you knew the secret value 15.

That's the basic function of a challenge/response cycle.

Obviously, "+" is bad. Because a listener can do the inverse and compute 62-47 to figure out that the secret must be 15.

So "+" gets replaced with a cryptographically strong hash function.

And 15 and 47 gets replaced with tokens that are long and complicated enough that an attacker can't try a huge number of "random" tokens (dictionary attacks or sequencing of all possible tokens up to a specific length) just to try to get the same result.

But you should already know this, because you should already have spent time reading up on the concept following a couple of Google hits. If you don't read until you understand, you will fail badly.

And you can't claim that there aren't lots of good information available. Everything you will ever need to know about the subject is well indexed by Google. And described in a good way that is easy to read. So how about you start doing some own work. If you are a professional, you get your salary for doing work. If you are a student you are expected to study. Right now, you would be a bad student and/or a bad employee.

You know the value 15.

I send you the challenge 47.

You respond with 15+47 = 62.

The only way you could have responded with 62 is if you knew the secret value 15.

That's the basic function of a challenge/response cycle.

Obviously, "+" is bad. Because a listener can do the inverse and compute 62-47 to figure out that the secret must be 15.

So "+" gets replaced with a cryptographically strong hash function.

And 15 and 47 gets replaced with tokens that are long and complicated enough that an attacker can't try a huge number of "random" tokens (dictionary attacks or sequencing of all possible tokens up to a specific length) just to try to get the same result.

But you should already know this, because you should already have spent time reading up on the concept following a couple of Google hits. If you don't read until you understand, you will fail badly.

And you can't claim that there aren't lots of good information available. Everything you will ever need to know about the subject is well indexed by Google. And described in a good way that is easy to read. So how about you start doing some own work. If you are a professional, you get your salary for doing work. If you are a student you are expected to study. Right now, you would be a bad student and/or a bad employee.

Thank you. Your description is good for understanding basic concept of Hash. But I still need to know a standard way of adding a key to a data maybe like method used in HMAC-SHA-256.

What part of the use of Google is it that you don't understand?

Right now, you are a danger to yourself and your surroundings because you are refusing to invest time trying to understand exactly what you should do - and how you should do it.

Hi Hamed Adldoost,

Could you please describe the method used in HMAC-SHA-256? Since you already know that.

You know the method, but you want a more standard method. If this is the case, you would have to describe the method first.