The IT Law Wiki

Hash-based message authentication code


Definition

A Hash-based message authentication code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function.[1]

Overview

A secure hash can be used to create a hash-based message authentication code (HMAC) if the parties to a message share a secret key. If a sender sends a message and its HMAC to a recipient, the recipient can recompute the HMAC to protect against changes in the data from any source. An attacker can intercept the message and replace it with a new message, but cannot compute an acceptable HMAC without knowing the secret key. If the recipient trusts the sender, the recipient may accept an HMAC as authenticating the sender's identity. However, the services of confidentiality and non-repudiation are not provided.[2]
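The exchange described above, as an added example that is not part of the original article: the sender tags a message, the recipient recomputes and compares, and the checks show why a holder of the shared key cannot be told apart from the sender. The choice of SHA-256, the function names and the sample messages are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: HMAC over the message (SHA-256 is an assumed hash choice)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient side: recompute the HMAC and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    shared_key = secrets.token_bytes(32)        # held by sender and recipient only
    message = b"transfer 100 to account 42"     # constructed sample message
    tag = make_tag(shared_key, message)
    wire = message + tag                        # what an interceptor sees in transit

    # Message replaced in transit and re-tagged under a key the attacker made up.
    attacker_key = secrets.token_bytes(32)
    substitute = b"transfer 100 to account 66"  # constructed sample message
    substitute_tag = make_tag(attacker_key, substitute)

    return {
        # Unmodified message: the recomputed HMAC matches.
        "intact": verify(shared_key, message, tag),
        # Data changed, original tag kept: rejected.
        "altered": verify(shared_key, b"transfer 900 to account 42", tag),
        # Substituted message tagged without the shared key: rejected.
        "substituted": verify(shared_key, substitute, substitute_tag),
        # No non-repudiation: the recipient can produce the sender's exact tag.
        "recipient_makes_same_tag": hmac.compare_digest(
            make_tag(shared_key, message), tag),
        # No confidentiality: the message is readable next to its tag.
        "plaintext_on_wire": wire.startswith(message),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
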

References

  1. NIST FIPS 201.
  2. NIST Special Publication 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure 10 (Feb. 26, 2001).
