# 📝HMAC

• tags: § Cryptography
• RFC: RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
• Hash-based Message Authentication Code
• Can be used to verify both data integrity and authenticity of a message.
• Can be used with any cryptographic hash function.
• size of the HMAC output is the same as that of the hash function
• HMAC does not encode message. The message should be sent along with the HMAC. All other parties will hash the message and should receive the same HMAC value.
• HMAC is not vulnerable to Length extension attack
• inputs:
• key
• message
• output:
• HMAC hash value of fixed length

Algorithm:

• two pads are produced from the key (outer and inner) by xoring key with byte-filled arrays of 0x5c and 0x36 respectively.
• these constants are computed so that pads have large hamming distance
• $\mathrm{HMAC}(key, data) = \mathrm{Hash}(opad || \mathrm{Hash}(ipad || data))$ where $||$ is concatenation