7 Message authentication codes

This chapter covers

Understanding the relationship between the integrity and authenticity of a message
Working with message authentication codes (MACs)
Understanding attacks on secret-prefix and secret-suffix MACs
Hash-based MACs (HMACs) and their resistance to length-extension and collision attacks

In the previous chapter, we saw how hash functions are used to calculate and ascertain data integrity. In this chapter, we look at the closely related topic of authenticity and how message authentication codes (MACs) are used to ensure that a message was indeed authored by a particular sender. We will dive deep into approaches for building MACs on top of hash functions and the associated risks. Specifically, we will exploit Merkle–Damgård–based hash functions for a length-extension attack, which has historically led to vulnerabilities with API authentication schemes.

7.1 Message integrity and authenticity

7.2 Different types of MACs

7.3 Secret-prefix MACs and length-extension attacks

7.3.1 Implementing a bank API that uses secret-prefix hashing for authentication

7.3.2 Exploiting secret-prefix MACs using length-extension attacks

7.4 Secret-suffix MACs and collision attacks

7.5 HMACs: Hash-based MACs

Summary