HMAC

Creator
Seonglae Cho
Created
2020 Jun 21 7:31
Edited
2024 Apr 19 4:25

Hash-based Message Authentication Code (RFC2104/1997)

A MAC that can be used with any cryptographic hash function.
A method of creating a message authentication code (MAC) using a hash function (such as SHA).

How to use a hash function for a MAC

  • $H(\text{message})$: if someone knows the hash value of the message, they can change the message and calculate a new hash value.
  • $H(\text{message} \,\|\, \text{key})$: if the hash function uses the Merkle-Damgård construction, an appending attack can happen because of its block-by-block operation.
Using the message or the key directly for hashing is easy to attack. To solve these problems, HMAC uses the key twice: once in an inner hash together with the message, and once in an outer hash over the inner result.
$$HMAC(key, message) = H\big((key \oplus opad) \,\|\, H((key \oplus ipad) \,\|\, message)\big)$$
  • opad and ipad are constants but need to be different
  • HMAC provides stronger security guarantees than what MAC requires. HMAC doesn't reveal any information about the message because of the key
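The formula above written out in Python and checked against the standard library's `hmac` module, as an added example that is not part of the original page. The pad bytes (0x36 for ipad, 0x5c for opad), the zero-padding of the key to the hash block size, and the hashing of keys longer than one block come from RFC 2104; the key and messages are constructed sample values.

```python
import hashlib
import hmac  # stdlib reference implementation and constant-time compare


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """H((key XOR opad) || H((key XOR ipad) || message)), per RFC 2104."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for SHA-256
    if len(key) > block_size:
        # Keys longer than one block are replaced by their hash.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")  # zero-pad to exactly one block
    inner_key = bytes(b ^ 0x36 for b in key)  # key XOR ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # key XOR opad
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_manual(key, message), tag)


def demo() -> dict:
    key = b"constructed-sample-key"   # constructed value
    msg = b"amount=100&to=alice"      # constructed value
    tag = hmac_manual(key, msg)
    long_key = b"k" * 200             # longer than one SHA-256 block
    return {
        "matches_stdlib": tag == hmac.new(key, msg, hashlib.sha256).digest(),
        "long_key_matches_stdlib": hmac_manual(long_key, msg)
        == hmac.new(long_key, msg, hashlib.sha256).digest(),
        "original_verifies": verify(key, msg, tag),
        "tampered_verifies": verify(key, b"amount=900&to=alice", tag),
        "wrong_key_verifies": verify(b"other-key", msg, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In production code, call `hmac.new(...)` and `hmac.compare_digest(...)` directly; the manual version is only there to make the two passes over the key visible.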
 
 
 
 
 
