What is the difference between a MAC and a hash function in Information Security?


MAC stands for Message Authentication Code. It is also called a tag. It can be used to authenticate the origin and characteristics of a message. MACs use authentication cryptography to check the legitimacy of information sent through a network or passed from one person to another.

A MAC is created by applying a keyed secure hash function to a message. It can be used to protect the integrity of the message: if a message secured by a MAC is tampered with, the tampering can be detected by comparing the MAC contained within the message with the recalculated MAC.

Message authentication codes are generally needed to create any type of financial account. Banks, brokerage firms, trust organizations, and other deposit, investment, or insurance organizations that provide online access can use these codes. They are an important component of financial cryptography.

A MAC is also called a keyed hash. A MAC may or may not be generated from a hash function, though: HMAC and KMAC are keyed hashes that are based on an underlying hash function, while AES-CMAC is one that relies on the AES block cipher, as the name indicates.

Message authentication codes are also one-way, but both the key and the message must be known to produce the MAC value. Because of this they can be used to support message integrity and message authenticity, much like one-way hashes used in signatures.

For the other party or parties to check the MAC, they of course also require the same (thus symmetric) key. That also means that they can produce an authentication tag themselves; a specific level of trust is needed among the parties that perform the verification.

Hash Function

A one-way hash function is a function for which no information about the input message can be recovered by performing calculations. Generally, one-way hash functions are known as cryptographically secure hash functions. Examples are SHA-256, SHA-512 and other SHA-2 derivatives and, as expected, the more recently introduced SHA-3 family of hashes.

MD5 and SHA-1 are also one-way hash functions. They are no longer considered secure, as hash collisions can be produced. Hash functions can be used to support message integrity and authenticity, but the value of the hash must be trusted.

Otherwise, an attacker can simply compute a hash over a different message and use it to replace the original hash. This trust can be supported by a private key calculation (a signature). Another method is to store the hash on a trusted site, so that it can be used to check the integrity of files put on a mirror.
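
The difference described above can be checked directly. The following Python sketch is an added example, not part of the original article; the key, the messages and all function names are constructed for illustration. It compares an unkeyed SHA-256 hash with an HMAC-SHA-256 tag when the message and its tag are both replaced in transit by a party that does not hold the key.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example only).
KEY = b"shared-secret-known-to-sender-and-receiver"
ORIGINAL = b"transfer 100 to account 12345"
TAMPERED = b"transfer 900 to account 66666"


def hash_tag(message):
    """Unkeyed SHA-256 digest: anyone can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key, message):
    """HMAC-SHA-256 tag: computing it requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message, tag):
    return hmac.compare_digest(hash_tag(message), tag)


def verify_mac(key, message, tag):
    # Recalculate the MAC and compare it in constant time.
    return hmac.compare_digest(mac_tag(key, message), tag)


def tamper_in_transit(message, tag):
    """Models a party without the key that changes the message in transit.
    It can recompute an unkeyed hash, so it swaps in a matching one."""
    return TAMPERED, hash_tag(TAMPERED)


def run_demo():
    results = {}
    # Hash travels with the message over the same untrusted channel.
    msg, tag = tamper_in_transit(ORIGINAL, hash_tag(ORIGINAL))
    results["hash_same_channel_accepts_tampered"] = verify_hash(msg, tag)
    # MAC travels with the message; the replacement tag was made without the key.
    msg, tag = tamper_in_transit(ORIGINAL, mac_tag(KEY, ORIGINAL))
    results["mac_accepts_tampered"] = verify_mac(KEY, msg, tag)
    # Hash fetched from a trusted site, file fetched from a mirror.
    results["trusted_hash_accepts_tampered"] = verify_hash(TAMPERED, hash_tag(ORIGINAL))
    # An untouched message still verifies under the MAC.
    results["mac_accepts_original"] = verify_mac(KEY, ORIGINAL, mac_tag(KEY, ORIGINAL))
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Only the first case accepts the altered message: a hash detects tampering only when the hash value itself comes from a trusted source, while the MAC check fails because a valid tag cannot be produced without the key.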