Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
175 views

HMAC Algorithm Stands For Hashed or Hash Based Message Authentication Code

HMAC is a message authentication code that uses cryptographic hash functions. It provides greater security than other authentication codes by applying a hashing function twice - once with a key padded with an inner pad and once with the result and a key padded with an outer pad. HMAC has been adopted for use in IPsec and SSL due to its strong security properties and flexibility in replacing the embedded hash function if needed.

Uploaded by

Marianinu antony
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
175 views

HMAC Algorithm Stands For Hashed or Hash Based Message Authentication Code

HMAC is a message authentication code that uses cryptographic hash functions. It provides greater security than other authentication codes by applying a hashing function twice - once with a key padded with an inner pad and once with the result and a key padded with an outer pad. HMAC has been adopted for use in IPsec and SSL due to its strong security properties and flexibility in replacing the embedded hash function if needed.

Uploaded by

Marianinu antony
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

HMAC algorithm stands for Hashed or Hash based Message Authentication Code.

It is a result of work done on developing a MAC derived from cryptographic hash


functions.

HMAC is a great resistant towards cryptanalysis attacks as it uses the Hashing


concept twice.

HMAC consists of twin benefits of Hashing and MAC, and thus is more secure than
any other authentication codes

HMAC has been chosen as the mandatory-to-implement MAC for IP security, and is
used in other Internet protocols, such as SSL

HMAC has been made compulsory to implement in IP security. The FIPS 198 NIST

design objectives for HMAC:

• To use, without modifications, available hash functions. In particular, hash


functions that perform well in software, and for which code is freely and widely
available.

• To allow for easy replaceability of the embedded hash function in case faster or
more secure hash functions are found or required.

• To preserve the original performance of the hash function without incurring a


significant degradation.

• To use and handle keys in a simple way.

• To have a well understood cryptographic analysis of the strength of the


authentication mechanism based on reasonable assumptions about the embedded
hash function.

A hash function such as SHA was not designed for use as a MAC and cannot

be used directly for that purpose, because it does not rely on a secret key.
There have been a number of proposals for the incorporation of a secret key into

an existing hash algorithm. The approach that has received the most support is
HMAC

HMAC algorithm –
The working of HMAC starts with taking a message M containing blocks of
length b bits. An input signature is padded to the left of the message and the whole
is given as input to a hash function which gives us a temporary message digest MD’.
MD’ again is appended to an output signature and the whole is applied a hash
function again, the result is our final message digest MD

Here, H stands for Hashing function,


M is original message
Si and So are input and output signatures respectively,
Yi is the ith block in original message M, where i ranges from [1, L)
L = the count of blocks in M
K is the secret key used for hashing
IV is an initial vector (some constant)
The generation of input signature and output signature Si and So respectively.
Secret Key K.

n < K+ < b

ipad = input pad

= 36 H = 0011 0110

opad = output pad

= 5C H = 0101 1100
HMAC Structure

1. The message is divided into L blocks, each of b bits


2. The secret key K+ is left-padded with 0’s to create a b-bit key. It is
recommended that the secret key , before padding be longer than n-bits,
where n is the size of the HMAC.
3. The result of step 2 is Exclusive-ORed with a constant called i-pad (input pad)
to create a b-bit block. The value of i-pad is the b/8 repetition of the sequence
00110110 (36 in hex).
4. The resulting block is prepended to the L-block message.
5. The result of step-4 is hashed to create an n-bit digest. We call this
as intermediate HMAC.
6. The intermediate HMAC is left-padded with 0’s to make a b-bit block.
7. Step 3 is repeated with a different constant o-pad (output pad). The value of
o-pad is the b/8 repetition of the sequence 0101 1100 (5C in hex).
8. The result of step-7 is prepended to the result of step-6.
9. The result of step-8 is hashed with the same hashing algorithm to create the
final n-bit HMAC.

You might also like