Providing a way to check the integrity of information transmitted over, or stored within, an unreliable medium is a prime necessity in the world of open computing and communications. Mechanisms that provide such integrity checks based on a secret key are usually called message authentication codes (MACs). Typically, MACs are used between two parties that share a secret key in order to authenticate information transmitted between these parties. HMAC is a particular type of mac function that uses a cryptographic hash function in conjunction with a secret key. HMAC uses a secret key for the calculation and verification of the MAC.
The main goals behind the HMAC construction are:
- To use available hash functions without modifications; in particular, hash functions that perform well in software, and for which code is freely and widely available
- To preserve the original performance of the hash function without incurring a significant degradation
- To use and handle keys in a simple way
- To have a well-understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions on the underlying hash function
- To allow for easy replaceability of the underlying hash function in the event that faster or more secure hash functions are later available
As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.
An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (128 or 160 bits in the case of MD5 or SHA-1, respectively), although it can be truncated if desired. Truncating the hash image reduces the security of the MAC which is upper bound by the birthday attack.
The construction and analysis of HMACs was first published in 1996 by Mihir Bellare, Ran Canetti, and Hugo Krawczyk. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC-SHA-1 and HMAC-MD5 are used within the IPsec and TLS protocols.
VOCAL offers a wide range of cryptographic solutions in both hardware and software form factors.