ALERT

[FREE DEMO] Deploy Your Enterprise Cloud in Minutes

Hashed Message Authentication Code (HMAC)

Definition - What does Hashed Message Authentication Code (HMAC) mean?

A hashed message authentication code (HMAC) is a message authentication code that makes use of a cryptographic key along with a hash function. The actual algorithm behind a hashed message authentication code is complicated, with hashing being performed twice. This helps in resisting some forms of cryptographic analysis. A hashed message authentication code is considered to be more secure than other similar message authentication codes, as the data transmitted and key used in the process are hashed separately.

Techopedia explains Hashed Message Authentication Code (HMAC)

Similar to other message authentication codes, a hashed message authentication code can simultaneously verify the authentication of the message and data integrity associated with it. The size of the secret key used determines the cryptographic strength of the hashed message authentication code. A hashed message authentication code can make use of iterative cryptographic hash functions such as SHA-1 and MD-5 along with the secret key. The hashed message authentication code provides a public and private key to both the server and the client. Although the public key is known, the private key is only known to the specific client and server. The whole process starts with the client creating a unique hashed message authentication code based on the data requested and hashing the requested data along with a private key. This is sent as part of the request to the server, which in turn compares the two hashed message authentication codes, and if found equal, allows for the client to be trusted and the request to be executed. The whole process is also known as a secret handshake.

One of the key benefits of the hashed message authentication code is that it is less affected by collisions and is considered as brute force to obtain the secret cryptographic key. Hashed message authentication code provides a convenient technique to verify whether the data has been tampered with and the authenticity of the user.

However, one drawback associated with hashed message authentication code is the absence of any privacy, which can also be obtained with full encryption.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
Tweat cdn.techopedia.com
"Techopedia" on Twitter


'@Techopedia'
Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Resources
The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.