Um resumo sobre o padrão de segurança HMAC

Jun 12, 2026 - 19:20

Updated: 2 days ago

0 0

Um resumo sobre o padrão de segurança HMAC

Definição

O HMAC (Hash-based Message Authentication Code) é um mecanismo de segurança que permite verificar a integridade e autenticidade de uma mensagem, garantindo que ela não foi alterada e que foi gerada por quem possui uma chave secreta. Ele é muito usado em autenticação de APIs, tokens e assinaturas digitais.

Analogia

Imagine que você envia uma carta dentro de um envelope lacrado com um selo exclusivo que só você e o destinatário conhecem a forma de produzir. Se alguém abrir a carta e alterar qualquer palavra, o selo não vai mais bater com o original. O HMAC funciona exatamente assim: ele “lacra” os dados com uma assinatura impossível de reproduzir sem a chave secreta.

Exemplo sem HMAC (inseguro)

$payload = [
  'user' => 'joao',
  'exp' => time() + 300
];

// token simples sem proteção
$token = base64_encode(json_encode($payload));

Problema

Qualquer pessoa pode:

decodificar o token
alterar exp
reencodar
e enganar o sistema

Exemplo com HMAC (seguro)

$payload = [
  'user' => 'joao',
  'exp' => time() + 300
];

$secret = 'chave_super_secreta';

$signature = hash_hmac(
  'sha256',
  json_encode($payload['user']) . '|' . $payload['exp'],
  $secret
);

$payload['sig'] = $signature;

$token = base64_encode(json_encode($payload));

Validação do lado do servidor

$payload = json_decode(base64_decode($_GET['token']), true);

$check = hash_hmac(
  'sha256',
  json_encode($payload['user']) . '|' . $payload['exp'],
  $secret
);

if (!hash_equals($check, $payload['sig'])) {
  die("Token inválido");
}

Hello nice to meet you i am starting on this community

What's Your Reaction?

Like 0

Dislike 0

Love 0

Funny 0

Wow 0

Sad 0

Angry 0

Christopher Holloway

Christopher Holloway is the founder and director of Progressive Robot, a UK-based technology company. A full-stack engineer with more than two decades of experience, he works across PHP development, ecommerce, Linux infrastructure, technical SEO and AI automation, and writes here on technology, AI, hardware and software.

Your AI assistant is not hallucinating. It's guessing, and you asked it to guess.

NVIDIA Blackwell Dominates MLPerf Training...

HPE and NVIDIA Expand AI Infrastructure...

Benchmarking Agentic AI Infrastructure:...

Why Artificial Intelligence Has Not...

Asus ROG Ally X20 Review: OLED Refinement...

Gran Turismo World Series Singapore:...

007 First Light Sets New Sales Record...

Summer Game Fest 2026: Industry Shifts...

iPhone 18 Pro Color Confirmed: Dark...

The Complete Guide to MagSafe and Magnetic...

Understanding the Reality Behind the...

Mobile Document Scanning: Evaluating...

Apple Launches New Accessories And Thinnest...

Beats Studio Buds Firmware Update Addresses...

Apple Updates AirPods Pro and Beats...

Apple Distributes Routine Firmware Updates...

Apple A22 Pro Chipset and the 1.4nm...

Apple 2027 Roadmap: Camera AirPods and...

HPE and NVIDIA Expand AI Infrastructure...

NVIDIA Blackwell Sets New Standards...

Why Storage Infrastructure Is Essential...

HPE Updates AI Infrastructure for Agentic...

HPE Expands Self-Driving Networks for...

HPE Broadens Quantum Partnerships to...

AMD AGESA 1.3.0.1b BIOS Update Improves...

MSI MPG 271KRAW18 5K Mini LED Monitor...

AMD Warranty Dispute Highlights Evolving...

MSI Forecasts Persistent Memory And...

Domestic 24 Gb Chips Enable 48 GB DDR5...

DDR5 Memory Prices Surge in Germany,...

Intel Raptor Lake Next Desktop CPUs...

Intel Extends Raptor Lake Lifecycle...

Arctic Computex 2026 Cooling and Chassis...

Adata XPG Computex 2026 Hardware Lineup...

Compact NCase P1 ATX Chassis for Multi-GPU...

Lian Li Computex 2026 Hardware Innovations...

Mini PC Buying Guide: Performance, Value,...

Compact Desktop Systems: Architecture,...

PC Hardware Transition Guide: Migration,...

Asus ROG Edition 20 Desktop Balances...

MSI Unveils Pro Max Desktops and Monitors...

Intel Core-X Series and X299 Platform...

Intel Core i9-7980XE Benchmarks Reveal...

MSI Introduces Vigor GK80 and GK70 Keyboards...

Optimizing Chiplet Cooling With Adjustable...

How Modern Security Suites Replace Multiple...

Red Hat NPM Channel Compromised in Supply...

How Malvertising Campaigns Exploit Trusted...

AI doesn't break security. Complexity...

Meta AI Chatbot Exploit Compromises...

Scientific Insights From Overlooked...

Space Market Correction as SpaceX IPO...

Negative Time in Quantum Optics: Peer-Reviewed...

How Underwater Technology Is Reshaping...

Why Night Driving Poses Unique Risks...

Anker Prime 250W Charging Station Review...

Tesla Model 3 Pricing Shift in Canada...

How AI and Machine Learning Are Reshaping...

Singapore Airlines Brings Live World...

Dolby Atmos Changed Movie Audio: Why...

Clarkson's Farm Season 5 Release Schedule...

Masters of the Universe Director Addresses...

Google Engineer Charged With Insider...

Fake downloads of popular PC utilities...

Pearl Cryptocurrency Mining Rush Fades...

Physical Attacks Against Major Cryptocurrency...

Coinbase and Kalshi introduce perpetual...

Welcome!

Um resumo sobre o padrão de segurança HMAC

Definição

Analogia

Exemplo sem HMAC (inseguro)

Exemplo com HMAC (seguro)

Validação do lado do servidor

What's Your Reaction?

Related Posts

Comments (0)

Popular Posts

Follow Us

Recommended Posts