Questions tagged [hmac]

a method for constructing a message authentication code based on a cryptographic hash function.

HMAC (Hash-based Message Authentication Code) is a method for constructing a message authentication code based on a cryptographic hash function. The HMAC construction was published in 1996 by Mihir Bellare, Ran Canetti and Hugo Krawczyk. It is standardized in RFC 2104.

The HMAC construction can be used with any cryptographic hash function. Common examples include HMAC-SHA1, HMAC-SHA-256 and, in older use, HMAC-MD5.

HMAC can be proven to be secure as long as the hash function satisfies some rather mild security assumptions. In the original 1996 paper the security of HMAC was proven based on the assumption that the hash is a "weakly collision resistant" iterated hash function and that its compression function is a pseudo-random function (PRF).

In 2006 Mihir Bellare published a new security proof of HMAC based solely on the assumption that the compression function is a PRF or, alternatively, that the hash is "computationally almost universal" and that the compression function is a privacy-preserving MAC. In particular, the new proof shows that, despite the practical collision attacks known against the MD5 hash function, the HMAC-MD5 construction remains secure (at least as long as no new attacks are discovered).

288 questions
188 votes, 5 answers

How and when do I use HMAC?

I was reading HMAC on Wikipedia and I was confused about a few points. Where do I use HMAC? Why is the key part of the hash? Even if someone successfully used a "length-extension attack", how would that be useful to the attacker?
user5575
75 votes, 2 answers

What's the difference between HMAC-SHA256(key, data) and SHA256(key + data)

Is there anything different about how secure these two hashing algorithms are? Does HMAC "fuse" the data and the key in a special way that's more security-aware?
phillips1012
6 votes, 1 answer

Proper way to combine multiple secrets into one HMAC key?

I am using HMAC+SHA256 to sign and verify claims in a web application. Each deployment has its own crypto-random 512-bit secret that I can use as the HMAC key, but in some cases I want to mix in another secret as well. For example, by mixing in…
5 votes, 3 answers

Why can't a cryptographic hash inside a cryptogram serve as a MAC?

My question is closely related to Why do you need message authentication in addition to encryption? Specifically I am interested in symmetric-key cryptography. I understand that attackers may modify cryptographic messages and the resulting…
satur9nine
3 votes, 1 answer

Does the HMAC of symmetric key revealed weakens the encryption?

If I reveal the HMAC of encryption key, does it weaken the security of the payload? E.g., I would construct the following security packet cipher: bf_cbc IV: initialization vector to the cipher key-md5: md5 of the encryption key crypt-text: encrypted…
boo9
2 votes, 0 answers

Is hashing the HMAC secret key a good idea?

I'm implementing a REST API and I've generated 128-bit random API keys which are used with HMAC-SHA1 for authorization. Should I hash the secret key on both the client and server before using it, maybe with SHA1 or bcrypt? This would avoid storing…
noisecapella
2 votes, 1 answer

Calculating HMAC

I've been trying to learn how HMAC is calculated but seem to be missing something. According to this wiki page, calling HMAC-SHA1 on an empty key and message should result in a value of fbdb1d1b18aa6c08324b7d64b71fb76370690e1d. I've confirmed it…
2 votes, 0 answers

Protect secret key on sender

Context In our game company we're choosing between different leaderboard service providers and I'm trying to decide if using one of them with a set structure will be "safe-enough". I understand that "safe-enough" is very subjective, so I'm trying to…
0 votes, 0 answers

Using HMAC when sending data through an untrusted server

I have a set up like this: Payment Server (PS) <> Front End (FE) <> Client JS. I need to get some data from the Client JS to the PS, without the FE being able to modify it and have PS prove that correct. In this situation, the FE acts as store and…
Paul
0 votes, 1 answer

Where are MAC used?

I can think of where people use hashes and signatures. But where are MACs used in real life? Are there any protocols in cryptography that use MACs? Or examples where MACs are relevant?