What is HMAC and how does it secure data


HMAC stands for Hash-based Message Authentication Code, a cryptographic mechanism used to ensure both the integrity and authenticity of a message. HMAC combines a cryptographic hash function with a secret cryptographic key to create a unique authentication code for a message.

In my previous article (Cryptography and Hashing Basics for Beginners), we covered hashing and related concepts such as hashing algorithms, hash collisions and, more importantly, message integrity.

A hashing algorithm (often just called hashing) is a mathematical formula that converts an input, or “Message”, of any length into a fixed-size string of bytes that appears random, typically called a digest or fingerprint. For more details, please go through the previous article (Cryptography and Hashing Basics for Beginners).

Using Hashing for message integrity

Let’s say there are two people, “A” and “B”. “A” wants to send a message to “B”.

To keep things simple, let’s assume for the time being that the message is not secret and anyone can read it (secret messages and encryption are for another article).

One of the objectives is to ensure that the message was not changed while in transit. In other words, to ensure data integrity.

Hashing can be used in this scenario. Let’s see how.

    1. Person “A” can pass the Message through a Hashing algorithm (MD5, SHA etc.) and generate a Digest.
    2. Person “A” sends both the Message and the Digest to Person “B”.
    3. Once “B” receives the message, “B” separates the Message and the Digest for future reference.
    4. “B” generates a new Digest using the same algorithm.
    5. If the two Digests match, then we can conclude that the message was not changed during transit.

Of course, there are flaws in this over-simplified scenario. If someone captures the message in transit, changes it, generates a corresponding Digest using the same algorithm and sends both to the target person “B”, then “B” will not be able to tell, by following the steps above, that the message was changed in transit.

The interceptor “C” captures the message, modifies it, regenerates a new Digest using the same algorithm and sends the modified message and the corresponding Digest to “B”.

Once “B” receives the message, “B” separates the Message and the Digest for future reference, generates a new Digest using the same algorithm and compares the two Digests, and they match.

Message Authentication Code (MAC)

In this scenario, the receiver can never know that it received a message modified in transit. So just hashing a message is not enough to verify the integrity of the message. This can be resolved by using a Message Authentication Code (MAC). Let’s have a closer look.

Before “A” and “B” exchange any messages, they need to agree on two things:

1)  Sharing a Secret Key:

Let’s say that, in this case, “A” and “B” agree on a secret Key to establish the integrity of their messages. They share the key between themselves in advance, and discreetly. This Key can be any string of random text, and it is the same for both “A” and “B”.

The key is shared between them in advance, discreetly.

2)  Combining the Message and the Key:

They also agree to combine the “Message” and the “Key” and then generate the hash Digest from that combination, not from the Message alone as in the earlier scenario.

Send only Message and Digest

Now “A” combines the “Message” and the “Key”, generates a hash Digest and sends the Message and the Digest to “B”. Note that “A” does not send the Key.

Re-generate the Digest at Receiver end

Once “B” receives the Message and the Digest, “B” separates them, combines the “Message” with its own copy of the “Key” as agreed earlier and generates a new hash Digest. The two Digests should match; otherwise the message was modified in transit.

In this case, even if the hacker intercepts the Message and Digest in transit and replaces them with a modified Message and a newly generated corresponding Digest, the message will be rejected by “B”, as the interceptor “C” is not aware of the key and the way to combine it with the message before generating the Digest.
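The two scenarios above, run side by side as an added Python example (not code from the original article): plain hashing accepts the interceptor’s modified message, while the keyed Digest rejects it. The key, messages and function names are constructed for illustration, and the Message and Key are combined here with Python’s standard hmac module.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
SHARED_KEY = b"constructed-demo-key-shared-in-advance"
ORIGINAL = b"Transfer 100 to account 12345"
MODIFIED = b"Transfer 900 to account 99999"


def plain_digest(message: bytes) -> str:
    """Scenario 1: Digest of the Message alone (no key)."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key: bytes, message: bytes) -> str:
    """Scenario 2: Digest of Message and Key combined (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def b_accepts_plain(message: bytes, digest: str) -> bool:
    # B recomputes the unkeyed Digest and compares.
    return hmac.compare_digest(plain_digest(message), digest)


def b_accepts_keyed(message: bytes, digest: str) -> bool:
    # B recomputes with its own copy of the Key; comparison is constant-time.
    return hmac.compare_digest(keyed_digest(SHARED_KEY, message), digest)


def run_scenarios() -> dict:
    sent = keyed_digest(SHARED_KEY, ORIGINAL)  # Digest that A sends with the Message
    return {
        # Plain hash: C swaps the Message and recomputes the Digest; B accepts.
        "plain_modified": b_accepts_plain(MODIFIED, plain_digest(MODIFIED)),
        # Keyed: the untouched Message verifies.
        "keyed_original": b_accepts_keyed(ORIGINAL, sent),
        # Keyed: C swaps the Message but can only reuse A's Digest...
        "keyed_modified_reused_digest": b_accepts_keyed(MODIFIED, sent),
        # ...or recompute a Digest without the Key. B rejects both.
        "keyed_modified_unkeyed_digest": b_accepts_keyed(MODIFIED, plain_digest(MODIFIED)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: accepted={accepted}")
```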

This approach establishes two things:

1)  Integrity

The integrity of the message is intact, as the two hash Digests match.

2)  Authentication

And the sender “A” does hold the secret Key with which the message was hashed to produce the MAC. In other words, the receiver is able to authenticate the sender (the owner of the Key).

 

This concept is called HMAC (Hash-based Message Authentication Code), and it ensures message integrity and authentication.

Please note that, in order to make HMAC work, there are two preconditions:

  1. Both the sender and the receiver of the message should agree on the secret Key.
  2. Both should also agree on how to combine the Message and the Key.

The industry standard for this method of combining the message with a key to produce a hash digest is called Hash-based Message Authentication Code (HMAC).

RFC 2104 specification

There is an RFC specification for implementing HMAC: RFC 2104.
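The RFC 2104 construction written out step by step, as an added Python example that is not part of the original article: the key is padded to the hash block size, XORed with the ipad and opad constants, and hashed in two passes. The function names and sample key are assumptions for illustration; the result is checked against Python’s standard hmac module.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)) per RFC 2104."""
    block_size = hashlib.new(hash_name).block_size  # B in the RFC (64 for SHA-256)

    # Keys longer than one block are hashed first, then every key is
    # zero-padded on the right to exactly one block (K').
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")

    ipad = bytes(b ^ 0x36 for b in key)  # inner pad
    opad = bytes(b ^ 0x5C for b in key)  # outer pad

    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Compare the hand-written construction with Python's hmac module."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_rfc2104(key, message), expected)


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_rfc2104(key, message), tag)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value
    demo_msg = b"message from A to B"
    tag = hmac_rfc2104(demo_key, demo_msg)
    print("tag:", tag.hex())
    print("matches stdlib:", matches_stdlib(demo_key, demo_msg))
    print("modified message verifies:", verify(demo_key, demo_msg + b"!", tag))
```

In production code, call the library’s HMAC function directly; the hand-written version is only there to show how the Message and the Key are combined.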
