HMAC

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: HMAC
Introduced: 1996
Digest: Variable

HMAC is a widely used keyed cryptographic hash function construction for message authentication that combines a secret cryptographic key with a hash function to produce a fixed-size tag. It provides message integrity and authenticity and is designed to remain secure even when the underlying hash function has certain weaknesses. HMAC underpins many protocols and standards across computing, networking, and information security.

Definition and Purpose

HMAC provides a method to authenticate messages between parties sharing a secret key, ensuring both integrity and origin authentication. It is used in protocols and standards such as Transport Layer Security, Internet Protocol Security, Kerberos, OAuth, and Pretty Good Privacy to protect messages and exchanges against tampering and forgery. Designed as a keyed combination of a hash function and a secret, HMAC aims to resist known attacks on hash functions, including collision and length-extension attacks that affected functions like MD5, SHA-0, and early versions of SHA-1.

Construction and Algorithm

HMAC computes a MAC by processing the key and message with two nested applications of a hash function such as SHA-256, SHA-1, or SHA-3. The construction brings the secret key to the hash's block size (hashing it first when it is longer, then padding it), XORs the result with two distinct constants (commonly called ipad and opad), and hashes in a nested sequence: the inner hash covers the ipad-masked key concatenated with the message, and the outer hash covers the opad-masked key concatenated with the inner digest. The formal algorithm is defined in standards produced by organizations such as the Internet Engineering Task Force and the National Institute of Standards and Technology. Implementations select the parameterization (hash function, truncation length) to balance security and performance for use in suites like TLS 1.2 versus TLS 1.3.

Security Properties and Analysis

HMAC's security is provable under assumptions about the underlying hash behaving like a pseudorandom function or having strong collision resistance; formal proofs were developed by researchers associated with institutions such as Bell Labs, RSA Laboratories, and academia including MIT, Stanford University, and University of California, Berkeley. Security analyses consider resistance to existential forgery under chosen-message attack and show that for widely used hashes (e.g., SHA-256, SHA-512) HMAC achieves strong bounds. Cryptanalytic work by groups at NIST, European Union Agency for Cybersecurity, and researchers like those from Google and Microsoft has examined HMAC when instantiated with weakened hashes such as MD5 and SHA-1, guiding deprecation decisions in standards like those from the IETF and ISO/IEC.

Use Cases and Protocol Integration

HMAC is embedded in many protocols and products for authenticated communication: IPsec, S/MIME, OAuth 2.0, OpenID Connect, Secure Shell, and cloud services from providers such as Amazon Web Services and Google Cloud Platform use HMAC for signing tokens, API requests, and session data. It is common in file integrity checks, in secure logging systems used by projects at institutions like The Apache Software Foundation, and in hardware modules compliant with FIPS 140-2 and FIPS 140-3 for government and enterprise deployments. HMAC also appears in transport-layer suites standardized by bodies including the IETF and in application-layer schemes such as those used by Git and OpenSSL.

Implementation Considerations and Performance

Implementers must consider key management practices advocated by standards bodies like NIST and the IETF to avoid weak keys or reuse across contexts. Performance depends on choice of hash (e.g., SHA-1 versus SHA-256 versus SHA-3), block size, and platform acceleration such as instruction sets from Intel (e.g., SHA extensions) or hardware security modules from vendors like Thales and Gemalto. Side-channel resistance (timing attacks, cache attacks) is a practical concern in libraries like LibreSSL, OpenSSL, BoringSSL, and language runtimes from Oracle Corporation and the Python Software Foundation, which implement constant-time comparisons and hardened code paths. Truncation and tag length choices affect bandwidth and collision probabilities and are discussed in guidelines from IETF working groups and regional standards agencies such as ENISA.
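
The nested ipad/opad construction from "Construction and Algorithm" and the constant-time tag comparison mentioned above, as an added example that is not part of the original article. The function names, the sample key and the sample message are hypothetical; the pad bytes 0x36 and 0x5C are those of RFC 2104, and the result is cross-checked against Python's standard `hmac` module.

```python
import hashlib
import hmac

def hmac_manual(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """Compute H((K ^ opad) || H((K ^ ipad) || msg)) step by step."""
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-256, 128 for SHA-512
    if len(key) > block_size:
        # Keys longer than one block are replaced by their digest.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")            # zero-pad to a full block
    inner_key = bytes(b ^ 0x36 for b in key)        # K ^ ipad
    outer_key = bytes(b ^ 0x5C for b in key)        # K ^ opad
    inner = hashlib.new(hash_name, inner_key + msg).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()

def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare it without a data-dependent early exit."""
    expected = hmac_manual(key, msg, hash_name)
    # '==' on bytes may stop at the first differing byte and leak timing;
    # compare_digest is designed to avoid that.
    return hmac.compare_digest(expected, tag)

def matches_stdlib(key: bytes, msg: bytes) -> dict:
    """Check the manual construction against hmac.new for several hashes."""
    names = ("sha1", "sha256", "sha512", "sha3_256")
    return {n: hmac_manual(key, msg, n) == hmac.new(key, msg, n).digest()
            for n in names}

def long_key_collapses(msg: bytes, hash_name: str = "sha256") -> bool:
    """Edge case: an over-long key and its digest yield the same tag."""
    long_key = b"k" * 200                           # constructed, longer than any block
    short_key = hashlib.new(hash_name, long_key).digest()
    return hmac_manual(long_key, msg, hash_name) == hmac_manual(short_key, msg, hash_name)

if __name__ == "__main__":
    key = bytes(range(32))                          # constructed sample key
    msg = b"amount=100&to=alice"                    # constructed sample message
    tag = hmac_manual(key, msg)
    print("tag:", tag.hex())
    print("matches stdlib:", matches_stdlib(key, msg))
    print("valid tag accepted:", verify_tag(key, msg, tag))
    print("tampered message accepted:", verify_tag(key, b"amount=900&to=alice", tag))
    print("long key == H(long key):", long_key_collapses(msg))
```

The long-key case shows why keys longer than the block size add no strength: the effective key is their digest.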

History and Standardization

HMAC was specified in the mid-1990s and formalized in key standards from the IETF (e.g., RFC publications) and NIST guidance. Its development and analysis involved contributors from academic and industrial centers such as RSA Laboratories, Bell Labs, MIT, and CMU. Over time, standardization bodies including ISO/IEC, IETF, and NIST updated recommendations as cryptanalysis of hash functions like MD5 and SHA-1 matured, leading to migration guidance toward stronger hashes such as SHA-256, SHA-384, and SHA-3. Adoption across protocols like IPsec, TLS, and Kerberos reflects its role in practical security engineering and interoperability efforts championed by organizations like IETF and large vendors including IBM and Microsoft.

Category:Message authentication codes