Hashed Message Authentication Code

Why Trust Techopedia

What Does Hashed Message Authentication Code Mean?

A hashed message authentication code (HMAC) is a message authentication code that makes use of a cryptographic key along with a hash function. The actual algorithm behind a hashed message authentication code is complicated, with hashing being performed twice. This helps in resisting some forms of cryptographic analysis. A hashed message authentication code is considered to be more secure than other similar message authentication codes, as the data transmitted and key used in the process are hashed separately.

Advertisements

Techopedia Explains Hashed Message Authentication Code

Similar to other message authentication codes, a hashed message authentication code can simultaneously verify the authentication of the message and data integrity associated with it. The size of the secret key used determines the cryptographic strength of the hashed message authentication code. A hashed message authentication code can make use of iterative cryptographic hash functions such as SHA-1 and MD-5 along with the secret key. The hashed message authentication code provides a public and private key to both the server and the client. Although the public key is known, the private key is only known to the specific client and server. The whole process starts with the client creating a unique hashed message authentication code based on the data requested and hashing the requested data along with a private key. This is sent as part of the request to the server, which in turn compares the two hashed message authentication codes, and if found equal, allows for the client to be trusted and the request to be executed. The whole process is also known as a secret handshake.

One of the key benefits of the hashed message authentication code is that it is less affected by collisions and is considered as brute force to obtain the secret cryptographic key. Hashed message authentication code provides a convenient technique to verify whether the data has been tampered with and the authenticity of the user.

However, one drawback associated with hashed message authentication code is the absence of any privacy, which can also be obtained with full encryption.

Advertisements

Related Terms

Margaret Rouse
Technology expert
Margaret Rouse
Technology expert

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of ​​a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.