HMAC

E37198

cryptographic construction keyed hash function message authentication code

HMAC (Hash-based Message Authentication Code) is a cryptographic construction that combines a secret key with a hash function to provide data integrity and authentication.

Jump to: Surface forms Statements Referenced by

Observed surface forms (5)

Surface form	Occurrences
HMAC-MD5-96	2
HMAC-SHA-96	2
HMAC-SHA1	2
Hash-based Message Authentication Code	1
Truncated HMAC extension	1

Statements (49)

Predicate	Object
instanceOf	cryptographic construction ⓘ keyed hash function ⓘ message authentication code ⓘ
advantage	no need for new primitives beyond hash ⓘ simple to implement ⓘ widely supported in libraries ⓘ
canBeTruncated	yes ⓘ
comparisonRequirement	constant-time comparison recommended ⓘ
component	inner hash computation ⓘ outer hash computation ⓘ
constructionType	hash-based MAC ⓘ
definedOver	iterated hash functions ⓘ
designGoal	black-box use of hash function ⓘ provable security under standard assumptions ⓘ
fullName	HMAC self-linksurface differs ⓘ surface form: Hash-based Message Authentication Code
introducedBy	Hugo Krawczyk ⓘ Mihir Bellare ⓘ Ran Canetti ⓘ
keyProcessing	keys longer than block size are hashed ⓘ keys shorter than block size are padded with zeros ⓘ
outputType	authentication tag ⓘ fixed-length tag ⓘ
property	resistant to length extension attacks (when underlying hash is vulnerable) ⓘ
provides	data integrity ⓘ message authentication ⓘ origin authentication ⓘ
recommendedKeyLength	at least as long as hash output ⓘ
requires	shared secret key ⓘ
securityDependsOn	key secrecy ⓘ secret key length ⓘ underlying hash function ⓘ
standardizedIn	FIPS 198-1 ⓘ RFC 2104 ⓘ
typicalHashFunction	MD5 ⓘ SHA-1 ⓘ SHA-256 ⓘ SHA-512 ⓘ
usedFor	API authentication ⓘ IPsec ⓘ JSON Web Tokens (JWT) ⓘ SSH ⓘ TLS ⓘ message integrity checks ⓘ
uses	cryptographic hash function ⓘ secret key ⓘ
usesConstant	inner padding (ipad) ⓘ outer padding (opad) ⓘ
verificationMethod	recompute and compare tag ⓘ
yearIntroduced	1996 ⓘ

Referenced by (11)

Full triples — surface form annotated when it differs from this entity's canonical label.

RFC 3414 → authenticationProtocol → HMAC ⓘ

this entity surface form: HMAC-MD5-96

RFC 3414 → authenticationProtocol → HMAC ⓘ

this entity surface form: HMAC-SHA-96

IPsec → commonlyUsesAlgorithm → HMAC ⓘ

this entity surface form: HMAC-SHA1

Poly1305 → comparedTo → HMAC ⓘ

RFC 3546 → defines → HMAC ⓘ

this entity surface form: Truncated HMAC extension

HMAC → fullName → HMAC self-linksurface differs ⓘ

this entity surface form: Hash-based Message Authentication Code

RFC 4346 → supports → HMAC ⓘ

SNMPv3 → supportsAuthenticationProtocol → HMAC ⓘ

this entity surface form: HMAC-MD5-96

SNMPv3 → supportsAuthenticationProtocol → HMAC ⓘ

this entity surface form: HMAC-SHA-96

TLS 1.0 → supportsMAC → HMAC ⓘ

this entity surface form: HMAC-SHA1

RFC 5246 → uses → HMAC ⓘ