21.8 HMAC

HMAC here means a hash-based message authentication code. It is dangerous to store the password as a raw string. A safer way is to salt the password and then hash it with a strong cryptographic hash function before storing it.

The default salt is a random string obtained from the operating system, and the default cryptographic hash function is SHA-256. You can supply your own HMAC function, as in this example:

(define (my-hmac passwd salt)
  ;; The function must be deterministic: the same passwd and salt must
  ;; always give the same digest, or the value stored at registration
  ;; can never be matched at login.  Mixing in (current-time) would
  ;; break that, so only passwd and salt go into the digest.
  (string->sha-512 (format #f "~a-~a" passwd salt)))

(post "/auth" #:auth `(table user "user" "passwd" "salt" ,my-hmac)
      ...... )

The default HMAC function is:

(define (default-hmac passwd salt)
  ;; SHA-256 over the password concatenated with the salt.
  (string->sha-256 (string-append passwd salt)))
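To see what the HMAC function is used for end to end, here is an added example (not code from the Artanis manual) that registers a user with a fresh salt and then verifies a login by recomputing the digest with the stored salt. It assumes that string->sha-256 is exported from (artanis utils) and that Guile's random-state-from-platform seeds from the operating system; the names make-salt, register, verify and digest=? are hypothetical helpers written for this example. Note that "HMAC" on this page means a salted hash, not the keyed construction of RFC 2104.

```scheme
;; Added example, not from the Artanis manual.  Assumption: string->sha-256
;; is exported from (artanis utils), as default-hmac above relies on it.
(use-modules (artanis utils)
             (srfi srfi-1))

;; A custom HMAC in the page's sense: a deterministic digest of the
;; password and salt.  No clock and no randomness inside the function,
;; otherwise the stored digest could never be reproduced at login.
(define (my-hmac passwd salt)
  (string->sha-256 (string-append salt ":" passwd)))

;; Fresh random salt per user, rendered as lowercase hex.
;; Assumption: random-state-from-platform draws its seed from the OS.
(define %rng (random-state-from-platform))
(define (make-salt nbytes)
  (string-concatenate
   (map (lambda (_)
          (let ((hex (number->string (random 256 %rng) 16)))
            (if (= (string-length hex) 1) (string-append "0" hex) hex)))
        (iota nbytes))))

;; Compare two digest strings without stopping at the first mismatch,
;; so the comparison time does not depend on where they differ.
(define (digest=? a b)
  (and (= (string-length a) (string-length b))
       (zero? (fold (lambda (x y acc)
                      (logior acc (logxor (char->integer x) (char->integer y))))
                    0
                    (string->list a)
                    (string->list b)))))

;; What gets stored at registration: the salt and the digest, never passwd.
(define (register passwd)
  (let ((salt (make-salt 16)))
    (list salt (my-hmac passwd salt))))

;; At login, recompute with the stored salt and compare the digests.
(define (verify passwd stored)
  (digest=? (my-hmac passwd (car stored)) (cadr stored)))

;; Constructed sample run.
(let ((rec (register "correct horse battery staple")))
  (display (verify "correct horse battery staple" rec)) (newline)
  (display (verify "wrong password" rec)) (newline))
```

The (table user "user" "passwd" "salt" ,my-hmac) form on this page corresponds to the verify step: Artanis reads the user's stored salt and digest from the table and calls your function with the submitted password and that salt, so any function you plug in must behave like my-hmac here and give the same digest every time for the same inputs.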

For more on hash functions, please refer to Cryptographic hash functions.