Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
What is HMAC in Information Security?
HMAC stands for Keyed-Hashing for Message Authentication. It is a message authentication code acquired by running a cryptographic hash function (such as MD5, SHA1, and SHA256) over the information (to be authenticated) and a shared secret key. HMAC is defined in RFC 2104.
HMACs are same as digital signatures. They both provide integrity and authenticity. They both need cryptography keys and they both apply hash functions. The major difference is that digital signatures need asymmetric keys, while HMACs need symmetric keys (no public key).
HMAC can be used in sequence with some iterated cryptographic hash function. MD5 and SHA-1 are instance of hash functions. HMAC also need a private key for computation and verification of the message authentication values.
A hashed message authentication code can simultaneously check the authentication of the message and data integrity related to it. The size of the secret key used decides the cryptographic durability of the hashed message authentication code.
A hashed message authentication code can draw on iterative cryptographic hash functions including SHA-1 and MD-5 along with the secret key. The hashed message authentication code supports a public and private key to both the server and the client. Although the public key is known, the private key is only known to the definite client and server.
The entire process begins with the client making a unique hashed message authentication code based on the information requested and hashing the requested data along with a private key.
This is sent as an element of the request to the server, which in turn correlate the two hashed message authentication codes, and if discovered same, enables for the client to be dependable and the request to be implemented. The complete process is also called a secret handshake.
The main goals of HMAC are as follows −
It can use, without alteration, available hash functions. In specific, hash functions that implement well in software, and for which code is freely and broadly available.
It can maintain the original performance of the hash function without acquiring a significant degradation.
It can use and manage keys in a simple way.
It can have a well understood cryptographic analysis of the durability of the authentication structure based on reasonable assumptions on the basic hash function.
It can enable for easy replaceability of the basic hash function in case that quicker or more secure hash functions are found or needed.
The main objective of the hashed message authentication code is that it is less influenced by collisions and is considered as brute force to acquire the secret cryptographic key.
Hashed message authentication code supports a convenient approach to check whether the information has been tampered with and the authenticity of the user.
2K+ Views
