Hashed message authentication code: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
(new page, basic info)
 
imported>Chris Day
No edit summary
Line 3: Line 3:
HMACs use a [[cryptographic hash]] algorithm and a [[cryptographic key]]. The sender generates the HMAC from the message and the key; the receiver verifies using both.
HMACs use a [[cryptographic hash]] algorithm and a [[cryptographic key]]. The sender generates the HMAC from the message and the key; the receiver verifies using both.


If HMAC verification succeeds, the receiver knows not only that the message is unchanged since the hash was generated (which he would know with any hash algorithm), but also that whoever generated the HMAC knew the appropriate key. This prevents an attacker without the key from altering a message and generating a valid hash for the changed version. HMACs prevent [[man=in-the-middle attack]]s.
If HMAC verification succeeds, the receiver knows not only that the message is unchanged since the hash was generated (which he would know with any hash algorithm), but also that whoever generated the HMAC knew the appropriate key. This prevents an attacker without the key from altering a message and generating a valid hash for the changed version. HMACs prevent [[man-in-the-middle attack]]s.


[[IPsec]] uses an HMAC for packet-level authentication.
[[IPsec]] uses an HMAC for packet-level authentication.

Revision as of 00:04, 2 November 2008

A hashed message authentication code or HMAC is a cryptographic technique for providing data integrity protection.

HMACs use a cryptographic hash algorithm and a cryptographic key. The sender generates the HMAC from the message and the key; the receiver verifies using both.

If HMAC verification succeeds, the receiver knows not only that the message is unchanged since the hash was generated (which he would know with any hash algorithm), but also that whoever generated the HMAC knew the appropriate key. This prevents an attacker without the key from altering a message and generating a valid hash for the changed version. HMACs prevent man-in-the-middle attacks.

IPsec uses an HMAC for packet-level authentication.