How to implement HMAC verification with AES mode CBC

Asked Apr 01 '21 at 14:07

Active Apr 01 '21 at 14:07

Viewed 363 times

I'm working on a project where I have to make a password manager. I'm using AES in CBC mode and I have to implement HMAC for authentication. This is my encryption function:

def encrypt_password(master_password, password, salt, iv):
    key = scrypt(master_password, salt, 16, N=2**14, r = AES.block_size, p = 1)
    cipher = AES.new(key, AES.MODE_CBC, iv)
    encoded = base64.b64encode(cipher.encrypt(pad(password, AES.block_size)))
    return encoded

and decryption function:

def decrypt_password(master_password, encoded, salt, iv):
    encoded = base64.b64decode(encoded)
    key = scrypt(master_password, salt, 16, N=2**14, r = AES.block_size, p = 1)
    cipher = AES.new(key, AES.MODE_CBC, iv)
    decrypted = cipher.decrypt(encoded)
    decrypted = unpad(decrypted, AES.block_size)
    return decrypted

My problem is that I don't have a clue how to implement authentication here, can anyone please give me any tips? Thank you.

asked Apr 01 '21 at 14:07

WholesomeGhost

1,101
2
17
31

We don't encrypt passwords we use password hashing algorithms like PBKDF2, Argon2, etc. Why do you need to encrypt them? – kelalaka Apr 01 '21 at 16:49
I ment that, my terminology is off. – WholesomeGhost Apr 01 '21 at 17:07
https://stackoverflow.com/q/58431973/1820553 – kelalaka Apr 01 '21 at 17:10
This doesn't answer my question. – WholesomeGhost Apr 01 '21 at 17:15
Did you see the code? hash the password and verify. Doesn't you need that? – kelalaka Apr 01 '21 at 17:23
@kelalaka I guess OP wants message authentication [for example](https://crypto.stackexchange.com/q/202/13022) with an encrypt-then-MAC scheme. – Artjom B. Apr 01 '21 at 20:18
@ArtjomB.You may right. In that case [How to use SHA256-HMAC in python code?](https://stackoverflow.com/a/51861438/1820553) – kelalaka Apr 01 '21 at 20:26

How to implement HMAC verification with AES mode CBC

0 Answers0