HMAC

tags : Security, Hashing, Cryptography, Encryption

FAQ §

What is MAC? §

• A commonly employed technique for message integrity and authentication in various cryptographic protocols and applications.
• A cipher may be used for Encryption but it does not ensure Authentication or Integrity. Using a MAC ensures those two.

Types §

• Block cipher based MAC

  • Although GHASH and Poly1305 are secure MACs, they’re not built from cryptographic hash functions.

• Hash based MAC (HMAC)

More on HMAC §

• It’s useful for streaming ciphers
• HMAC is a recipe for turning hash functions into MACs.
• HMAC is a very specific construct, namely H(K1||H(K2||M)) with usually a simple rule to generate K1 and K2 from a single K.
• You do have to be careful with naive HMAC if you don’t use the construction like the official HMAC H(K1(H(K2(m))) as the simpler attempt at a keyed hash based MAC H(K1(m)) will be vulnerable to length-extension attacks for many hashes (e.g., MD5, SHA-2)
• HMAC derives from NMAC which used a hash with two different keys. They then proved that related keys would be just as strong [hence hmac].

HMAC vs SHA3/Blake3 etc. §

• Some newer hashing techniques hash with a key that’s safe to use as a MAC (and acts as a PRF) so we don’t need to do the double hashing that HMAC does.
• With newer SHA3 candidate hash algorithms (Keccak, Skein, Blake etc), length extension attacks are a thing of the past, you can simply do H(K, M) for a secure MAC. It’s much simpler and faster than doing something like HMAC-SHA-256(K, M)
• This makes these hashing techniques equivalent to HMAC but they are not HMAC. i.e HMAC is a particular standard, not any hash-based MAC.