What are the differences between Message Authentication Codes (MAC) and Keyed-Hashing for Message Authentication (HMAC)? Could you provide an example of an instance where one is a better option than the other?
As we’ll discuss, the biggest difference between MAC and HMAC involves how each hashes its encrypted messages. However, let's start by looking at a simple message digest algorithm. It takes a single input, a message, and produces a message digest, often called a hash. The message can be the contents of an email or any sort of digital content. Any change to the message will result in a completely different hash being generated. Due to this avalanche effect, a hash allows you to verify the integrity of the message, as an unchanged message will always result in the same hash value.
A MAC differs from a simple message digest algorithm as it takes two inputs: a message and a secret key known only to the originator of the message and its intended recipient(s). By using a secret key, a MAC allows the recipient of the message to not only verify the integrity of the message, but also authenticate that the sender of the message has the shared secret key. If a sender doesn’t know the secret key, the hash value would then be different, thus allowing the recipient to see the message was not from the original sender. There are four types of MACs:
1. Unconditionally secure
2. Hash function-based
3. Stream cipher-based
4. Block cipher-based
The most common approach to creating a MAC has been to use block ciphers like DES, but hash function-based MACs, or HMACs (Keyed-Hashing for Message Authentication), which use a secret key in conjunction with a cryptographic hash function to produce a hash, have become more widely used. The basic requirements for a cryptographic hash function are that the input can be of any length, the output has a fixed length, it is relatively easy to compute, and it is able to withstand known types of cryptanalytic attack. The key to the latter is being strongly collision-free. This means it must be computationally infeasible to find any two messages that result in the same hash value.
Hash functions such as SHA-1 and SHA-256 are significantly faster than ciphers like DES and the algorithm code is widely and freely available, plus there are no export restrictions on hash functions. What makes HMAC more secure than MAC is that the key and the message are hashed in separate steps. It can also be proven secure based on the cryptographic strength of the underlying hash function, the length of its hash output, and the size and strength of the secret key used.
MAC and HMAC are both used to provide integrity and authentication when data is transferred over untrusted networks such as the Internet, but the type of hash used should always relate to the risks to the data. The HMAC specification was developed to combat attacks on more trivial mechanisms for combining a key with a hash function. A major difference between TLS and SSL is that TLS ensures integrity by appending an HMAC to the packet header, whereas SSL only appends a MAC, which is why TLS and SSL do not interoperate.
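The separate hashing steps described above, written out as an added example (not code from the original article): it follows the RFC 2104 construction with SHA-256, compares the result with Python's standard `hmac` module, and verifies tags in constant time. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 per RFC 2104: H((K ^ opad) || H((K ^ ipad) || message))."""
    # Keys longer than one block are hashed first; shorter keys are zero-padded.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)  # inner padding constant
    opad = bytes(b ^ 0x5C for b in key)  # outer padding constant
    # Step 1: hash the inner-padded key together with the message.
    inner = hashlib.sha256(ipad + message).digest()
    # Step 2: hash the outer-padded key together with the inner digest.
    return hashlib.sha256(opad + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    expected = hmac_sha256_manual(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = b"constructed-shared-secret"        # sample key, constructed
    message = b"transfer 100 to account 42"   # sample message, constructed
    tag = hmac_sha256_manual(key, message)
    return {
        # The hand-built construction agrees with the standard library.
        "matches_stdlib": tag == hmac.new(key, message, hashlib.sha256).digest(),
        # The recipient holding the same key accepts the genuine message.
        "genuine": verify(key, message, tag),
        # A modified message fails the integrity check.
        "tampered": verify(key, b"transfer 900 to account 42", tag),
        # A party without the shared key fails authentication.
        "wrong_key": verify(b"some-other-key", message, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In production code, call `hmac.new(key, message, hashlib.sha256)` directly; the manual version is only there to show the two hashing steps.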
This was first published in August 2011