Overview#
In Cryptography, a Keyed-Hash Message Authentication Code (HMAC) is a specific construction for a Message Authentication Code (MAC) involving a Cryptographic Hash Function in combination with a Authentication usually using the Private Key.As with any Message Authentication Code, Keyed-Hash Message Authentication Code may be used to simultaneously verify both the data Integrity and the Authentication of a Message.
Any Cryptographic Hash Function, such as MD5 or SHA-1, may be used in the calculation of an Keyed-Hash Message Authentication Code. The resulting Keyed-Hash Message Authentication Code algorithms is termed HMAC-MD5 or HMAC-SHA1 accordingly.
The cryptographic strength of the Keyed-Hash Message Authentication Code depends upon the cryptographic strength of the underlying Cryptographic Hash Function, the size of its hash output, and on the size and quality of the key.
FIPS 198-1 generalizes and standardizes the use of Keyed-Hash Message Authentication Codes.
HMAC-SHA1 and HMAC-MD5 are used within the IPsec and TLS Protocols.
How are Keyed-Hash Message Authentication Code used in Cryptography#
As when Eve can not perform Decryption of the Ciphertext, Eve could modify the Ciphertext in transit and perhaps fool Bob into accepting Alice's Message.When a Keyed-Hash Message Authentication Code is utilized, Bob would at least know the Ciphertext had been modified since Alice sent the Ciphertext.
More Information#
There might be more information for this subject on one of the following:- Derive the Master Secret
- FIPS 198-1
- HMAC
- HMAC-MD5
- HMAC-SHA1
- HMAC-SHA2
- Key Derivation Function
- Macaroons
- NIST.SP.800-107
- [#1] - Hash Based Message Authentication Code
- based on 2015-02-12