On Wed, Jan 15, 2020 at 10:54 AM Dennis Lee Bieber <wlfr...@ix.netcom.com> wrote: > > On Tue, 14 Jan 2020 10:02:08 -0800 (PST), Growth Hacking Formation > <ad...@formationgrowthhacking.com> declaimed the following: > > > >#################### > >Hello @formationgrowthhacking, > >thank you for your message and for using my plugin. > >For license key hashing, I implemented the PHP native method hash_hmac(), > >using the sha256 algorithm. > >You can check out the class which is responsible for encryption, decryption, > >and hashing here: > >https://plugins.trac.wordpress.org/browser/license-manager-for-woocommerce/trunk/includes/Crypto.php > >Let me know if this helped! > >########### > > > > https://www.php.net/manual/en/function.hash-hmac.php > """ > key > > Shared secret key used for generating the HMAC variant of the message > digest. > """ > ... Which implies that one needs to know another key to generate the hash > of the input data. I suspect the author of your database system will not > reveal that key (check the source code referenced by the author and see if > you can find a key for use in the hash function). >
I had a squiz at the linked-to source code, and it looks like the corresponding key is stored in a file. Whether that actually constitutes an improvement in security, I can't say. But to be compatible, you would have to read the same file. ChrisA -- https://mail.python.org/mailman/listinfo/python-list