- HMAC stands for Hash-based Message Authentication Code. It is used to verify the integrity and authenticity of a message.
- HMAC can be used with any iterative cryptographic hash function (e.g., MD5, SHA-1, SHA-256, SHA-512) in combination with a shared secret key.
- If used with MD5, it is called HMAC-MD5.
- If used with SHA-1, it is called HMAC-SHA1, and so on.
- Once the HMAC hash is calculated, the message must be sent alongside the HMAC hash.
How HMAC is Used
- To compute HMAC over a message m, the following steps are applied:
- HMAC is constructed by hashing the secret key K XORed with the outer padding opad, concatenated with the hash of the secret key K XORed with the inner padding ipad concatenated with the message.
- The values opad and ipad are constants and were arbitrarily chosen by the HMAC designers.
- opad is the byte value 0x5C repeated B times.
- ipad is the byte value 0x36 repeated B times.
- Where B is the block size in bytes of the underlying hash function (MD5, SHA-1, etc.)
- To compute HMAC in a more "understandable" way:
- inner_key = K ⊕ ipad
- outer_key = K ⊕ opad
- inner_hash = H(inner_key || m)
- HMAC(K,m) = H(outer_key || inner_hash)
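
The four steps above as runnable Python, added here as an example and not taken from the original post. It uses the RFC 2104 constants (ipad 0x36, opad 0x5C), adds the RFC 2104 key normalization to B bytes that the steps leave implicit, and checks the result against Python's standard `hmac` module; the key and messages are constructed sample values.

```python
import hashlib
import hmac

def hmac_manual(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m))."""
    def H(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    B = hashlib.new(hash_name).block_size  # 64 for SHA-1/SHA-256, 128 for SHA-512
    # Key normalization per RFC 2104 (not spelled out in the steps above):
    # keys longer than B are hashed first, then the key is zero-padded to B bytes.
    if len(key) > B:
        key = H(key)
    key = key.ljust(B, b"\x00")

    inner_key = bytes(k ^ 0x36 for k in key)   # K xor ipad
    outer_key = bytes(k ^ 0x5C for k in key)   # K xor opad
    inner_hash = H(inner_key + msg)
    return H(outer_key + inner_hash)

def verify(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac_manual(key, msg, hash_name)
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    key = b"constructed-shared-secret"   # sample value
    msg = b"amount=100&to=alice"         # sample value
    tag = hmac_manual(key, msg)
    return {
        # Short key and a key longer than any block size, across hash functions.
        "matches_stdlib": all(
            hmac_manual(k, msg, h) == hmac.new(k, msg, h).digest()
            for h in ("sha1", "sha256", "sha512")
            for k in (key, b"k" * 200)
        ),
        "accepts_original": verify(key, msg, tag),
        "rejects_tampered": not verify(key, b"amount=900&to=alice", tag),
        "rejects_wrong_key": not verify(b"other-key", msg, tag),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

In production code use `hmac.new(...)` directly; the manual version is only there to make the construction visible.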