HMAC

E37198

HMAC (Hash-based Message Authentication Code) is a cryptographic construction that combines a secret key with a hash function to provide data integrity and authentication.

Statements (49)

Predicate | Object
instanceOf | cryptographic construction; keyed hash function; message authentication code
advantage | no need for new primitives beyond hash; simple to implement; widely supported in libraries
canBeTruncated | yes
comparisonRequirement | constant-time comparison recommended
component | inner hash computation; outer hash computation
constructionType | hash-based MAC
definedOver | iterated hash functions
designGoal | black-box use of hash function; provable security under standard assumptions
fullName | HMAC (surface form: Hash-based Message Authentication Code)
introducedBy | Hugo Krawczyk; Mihir Bellare; Ran Canetti
keyProcessing | keys longer than block size are hashed; keys shorter than block size are padded with zeros
outputType | authentication tag; fixed-length tag
property | resistant to length extension attacks (even when the underlying hash is vulnerable)
provides | data integrity; message authentication; origin authentication
recommendedKeyLength | at least as long as hash output
requires | shared secret key
securityDependsOn | key secrecy; secret key length; underlying hash function
standardizedIn | FIPS 198-1; RFC 2104
typicalHashFunction | MD5; SHA-1; SHA-256; SHA-512
usedFor | API authentication; IPsec; JSON Web Tokens (JWT); SSH; TLS; message integrity checks
uses | cryptographic hash function; secret key
usesConstant | inner padding (ipad); outer padding (opad)
verificationMethod | recompute and compare tag
yearIntroduced | 1996

Referenced by (28)

Full triples — surface form annotated when it differs from this entity's canonical label.

RFC 5246 uses HMAC
IPsec commonlyUsesAlgorithm HMAC
this entity surface form: HMAC-SHA1
SNMPv3 supportsAuthenticationProtocol HMAC
this entity surface form: HMAC-MD5-96
SNMPv3 supportsAuthenticationProtocol HMAC
this entity surface form: HMAC-SHA-96
RFC 4346 supports HMAC
HMAC fullName HMAC
this entity surface form: Hash-based Message Authentication Code
TLS 1.0 supportsMAC HMAC
this entity surface form: HMAC-SHA1
Poly1305 comparedTo HMAC
RFC 3414 authenticationProtocol HMAC
this entity surface form: HMAC-MD5-96
RFC 3414 authenticationProtocol HMAC
this entity surface form: HMAC-SHA-96
RFC 3546 defines HMAC
this entity surface form: Truncated HMAC extension
User-based Security Model uses HMAC
this entity surface form: HMAC-MD5-96 authentication protocol
RFC 2574 usesAlgorithm HMAC
this entity surface form: HMAC-SHA-96
TLS 1.2 PRF basedOn HMAC
RFC 2104 title HMAC
this entity surface form: HMAC: Keyed-Hashing for Message Authentication
RFC 2104 defines HMAC
FIPS 198-1 fullName HMAC
this entity surface form: The Keyed-Hash Message Authentication Code (HMAC)
FIPS 198-1 defines HMAC
TSIG supports HMAC
this entity surface form: HMAC-SHA256
Hugo Krawczyk knownFor HMAC
Hugo Krawczyk notableWork HMAC
this entity surface form: HMAC: Keyed‑Hashing for Message Authentication
Hugo Krawczyk notableWork HMAC
this entity surface form: On the security of HMAC and NMAC
Hugo Krawczyk notableConcept HMAC
this entity surface form: HMAC construction
Hugo Krawczyk notableConcept HMAC
this entity surface form: HKDF (HMAC‑based Key Derivation Function)
RFC 6066 defines HMAC
this entity surface form: Truncated HMAC extension
LibreSSL implements HMAC