tags : Security, Hashing, Cryptography, Encryption
FAQ
What is MAC?
- A commonly employed technique for message integrity and authentication in various cryptographic protocols and applications.
- A cipher may be used for Encryption but it does not ensure Authentication or
Integrity. Using a MAC ensures those two.
Types
-
Block cipher based MAC
- Although GHASH and Poly1305 are secure MACs, they’re not built from cryptographic hash functions.
- Hash based MAC (HMAC)
More on HMAC
- It’s useful for streaming ciphers
- HMAC is a recipe for turning hash functions into MACs.
- HMAC is a very specific construct, namely
H(K1||H(K2||M))with usually a simple rule to generate K1 and K2 from a single K. - You do have to be careful with naive HMAC if you don’t use the construction like the official HMAC
H(K1(H(K2(m)))as the simpler attempt at a keyed hash based MACH(K1(m))will be vulnerable to length-extension attacks for many hashes (e.g., MD5, SHA-2) - HMAC derives from NMAC which used a hash with two different keys. They then proved that related keys would be just as strong [hence hmac].
HMAC vs SHA3/Blake3 etc.
- Some newer hashing techniques hash with a key that’s safe to use as a MAC (and acts as a PRF) so we don’t need to do the double hashing that HMAC does.
- With newer
SHA3candidate hash algorithms(Keccak, Skein, Blake etc), length extension attacks are a thing of the past, you can simply doH(K, M)for a secure MAC. It’s much simpler and faster than doing something likeHMAC-SHA-256(K, M) - This makes these hashing techniques equivalent to HMAC but they are not HMAC. i.e HMAC is a particular standard, not any hash-based MAC.