concept HMAC in category cryptography
This is an excerpt from Manning's book Real-World Cryptography MEAP V09.
Imagine the set of all functions that take a variable-length input and produce a random output of a fixed-size. If we could pick a function at random from this set, and use it as a MAC (without a key), it would be swell. We would just have to agree on which function (kind of like agreeing on a key). Unfortunately, we can’t have such a set (it is way too large) and thus we can emulate picking such a random function by designing something close enough: we call such constructions pseudo-random function (PRF). HMAC and most practical MACs are such constructions: they are randomized by the key argument instead. Choosing a different key, is like picking a random function. Caution though, as not all MACs are PRFs.
The most widely used MAC is HMAC (for Hash-based MAC) invented in 1996 by M. Bellare, R. Canetti, and H. Krawczyk and specified in RFC 2104, FIPS PUB 198, and ANSI X9.71. HMAC, like its name indicates, is a way to use hash functions with a key. Using a hash function to build MACs is a popular concept as hash functions have widely available implementations, are fast in software, and also benefit from hardware support on most systems.
Remember that I have mentioned in chapter 2 that SHA-2 should not be used directly to hash secrets due to length-extension attacks (more on that at the end of this chapter). How does one figure out how to transform a hash function into a keyed function? This is what HMAC solves for us. Under the hood, HMAC is pretty basic, as illustrated in figure 3.9.
Figure 3.9. HMAC works by hashing the concatenation (
||) of a keyk1and the input message, and by then hashing the concatenation of a keyk2with the output of the first operation.k1andk2are both deterministically derived from a secret keyk.
More formally, HMAC follows these steps: