Introduction to HMAC
HMAC stands for Hash-based Message Authentication Code. Various message digest algorithms are available, and the goal behind HMAC is to reuse them. It was developed to implement the security environment for the Internet Protocol. HMAC works with any message digest algorithm: it applies the message digest algorithm to the original message and uses a symmetric key to encrypt the message digest, which produces the MAC (Message Authentication Code). HMAC is similar to MAC; the difference is that HMAC uses a hash-based algorithm. Hash-based Message Authentication Code is also used in the SSL (Secure Sockets Layer) protocol. HMAC is also faster to compute. Even if the underlying hash function is broken, HMAC will still provide better security. In this article, we are going to discuss the basic concept of the Hash-based Message Authentication Code and its working.
How Does HMAC Work?
Let us now take a look at the working of the Hash-based Message Authentication Code.
Step 1: Make the length of the symmetric key equal to the number of bits in each block.
There are three possibilities, and for each one we act differently to make the key length equal to the number of bits in each block:
- The length of the key is less than the number of bits in each block. In this case, we expand the key by adding 0 bits until its length equals the number of bits in each block.
- The length of the key is equal to the number of bits in each block. In this case, we do not need to perform any action.
- The length of the key is greater than the number of bits in each block. In this case, we trim the key by applying the message digest algorithm that we will use to produce the HMAC.
Step 2: XOR symmetric key with pad.
In this step, we XOR the symmetric key with the pad to produce a variable called S1.
Step 3: Append the original message to S1.
In this step, we append the original message at the end of S1.
Step 4: Apply the message-digest algorithm.
In this step, we apply the selected message-digest algorithm (MD5, SHA-1, SHA-512, etc.) to the output of step 3. Let's assume the output of this step 4 is H.
Step 5: XOR symmetric key with pad.
In this step, XOR the symmetric key with pad to produce the variable called S2.
Step 6: Append H to S2.
In this step, we take the message digest calculated in step 4 and append it at the end of S2, which was derived in the previous step, i.e. step 5.
Step 7: Message digest algorithm.
In this step, we apply the selected message-digest algorithm to the output of step 6. The message digest generated in this step is the final MAC.
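The seven steps above, written out as an added example (not code from the original article) and checked against Python's standard `hmac` module. The article calls both XOR constants "pad"; the values 0x36 (inner) and 0x5C (outer) used here come from RFC 2104, and the function names and sample keys are constructed for illustration.

```python
import hashlib
import hmac

IPAD = 0x36  # inner pad byte from RFC 2104 (the "pad" of step 2)
OPAD = 0x5C  # outer pad byte from RFC 2104 (the "pad" of step 5)

def hmac_by_steps(key: bytes, message: bytes, digest: str = "sha256") -> bytes:
    """Compute an HMAC by following the seven steps described above."""
    block_size = hashlib.new(digest).block_size  # bytes per block (64 for SHA-256)

    # Step 1: make the key exactly one block long.
    if len(key) > block_size:
        key = hashlib.new(digest, key).digest()  # too long: hash it first
    key = key.ljust(block_size, b"\x00")         # too short: append zero bytes

    # Step 2: XOR the key with the inner pad to get S1.
    s1 = bytes(b ^ IPAD for b in key)
    # Steps 3 and 4: append the message to S1 and hash; the result is H.
    h = hashlib.new(digest, s1 + message).digest()
    # Step 5: XOR the key with the outer pad to get S2.
    s2 = bytes(b ^ OPAD for b in key)
    # Steps 6 and 7: append H to S2 and hash again; the result is the MAC.
    return hashlib.new(digest, s2 + h).digest()

def verify(key: bytes, message: bytes, tag: bytes, digest: str = "sha256") -> bool:
    """Receiver side: recompute the MAC and compare it in constant time."""
    return hmac.compare_digest(hmac_by_steps(key, message, digest), tag)

def self_check() -> bool:
    """Compare against the standard library for all three key-length cases."""
    msg = b"transfer 100 to account 42"  # constructed sample message
    # Constructed keys: shorter than, equal to (for 64-byte blocks), longer than a block.
    for key in (b"short-key", b"k" * 64, b"k" * 200):
        for digest in ("sha1", "sha256", "sha512"):
            expected = hmac.new(key, msg, digest).digest()
            if hmac_by_steps(key, msg, digest) != expected:
                return False
    return True

if __name__ == "__main__":
    print("matches stdlib hmac:", self_check())
```

In production code, call `hmac.new` and `hmac.compare_digest` directly; the step-by-step version is for following the construction.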
Disadvantages of HMAC
Let us discuss some problems that we may face with the Hash-based Message Authentication Code.
- As discussed earlier, the Hash-based Message Authentication Code uses a symmetric key, meaning the same key is used by the sender and the receiver. The problem that arises here is: how will the sender and receiver exchange the key?
- Even if the above problem of exchanging the symmetric key is somehow solved, we cannot use the Hash-based Message Authentication Code in the case of more than one receiver. This is because HMAC uses the symmetric key to generate the MAC, and the symmetric key must be shared by only two parties, i.e. the sender and the receiver.
- Another problem is that if we share the symmetric key with multiple parties, how does the receiver know that the message was prepared and sent by the sender and not by one of the other receivers? The key is also shared with them, so there is the possibility of fraud: one of the receivers may create false messages.
In this article, we have seen the basic concept of the Hash-based Message Authentication Code and its working.