Description
It states in the readme that "This has been tested to work.", yet I can't seem to generate an HMAC hash that matches existing generators.
I used this to test the output with the message digest set to SHA1. The secret key I'm using is de5868364551a577acc1ed9e276ce7a7 the test message is Hello, Avatar!.
The website indicates that the HMAC will be f2299a4d48b89817ab87d84fb2b2ad3c60980ad7 but this script is giving me 7urZ3pGzQOVFOns1HixWiWnjtm0 a completely different length and hash all together.
Now I noticed the script says "length = 40 GET FROM READER SCRIPT/NOTECARD" but I haven't found an HMAC hashing function that can't take a variable length, even the website I used indicates "This [secret] key will vary in length depending on the algorithm that you use.".
Regardless, I tried padding the key until it was 40 chars long and tested again. Still it generated a completely different hash than the site. I even compared using a php, java, and python HMAC hashing function set to SHA1 and they all matched the sites hash but this script doesn't seem to.
Am I doing something wrong to get these different results?
Also since SHA1 is prone to length extension attacks and had the first public collision published on 2/23/2017, will you ever make a 256 version? Even certain frameworks I use won't allow HMAC signing with SHA1 for security reasons. So this would be beneficial to have at some point for many people.
Caveat: The script doesn't compile because "skey=YOURSECRETKEYHERE" needs the quotes escaped. The A variable doesn't get defined anywhere even though the dataserver event loads it. Also, in the 4 years this script has been up llXorBase64StringsCorrect was deprecated for llXorBase64.