Keyed-hash message authentication code

A keyed-hash message authentication code, or HMAC, is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, e.g., SHA-1, RIPEMD-160, may be used in the calculation of an HMAC; the cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function and on the size and quality of the key.

The construction and analysis of HMACs was first published in 1996 by Mihir Bellare, Ran Canetti, and Hugo Krawczyk, who also authored RFC 2104. FIPS PUB 198 generalizes and standardizes the use of HMACs.

External Links

• RFC 2104, "HMAC: Keyed-Hashing for Message Authentication'', http://www.ietf.org/rfc/rfc2104.txt
• FIPS PUB 198, The Keyed-Hash Message Authentication Code, http://csrc.nist.gov/publications/fips/fips198