HMAC

A keyed hash [R2104] that can be based on any iterated cryptographic hash (e.g., MD5 or SHA 1), so that the cryptographic strength of HMAC depends on the properties of the selected cryptographic hash. (See: [R2202, R2403, R2404].) Derivation: Hash based MAC. (Compare: CMAC.) Tutorial: Assume that H is a generic cryptographic hash in which a function is iterated on data blocks of length B bytes. L is the length of the of hash result of H. K is a secret key of length L <= K <= B. The values IPAD and OPAD are fixed strings used as inner and outer padding and defined as follows: IPAD = the byte 0x36 repeated B times, and OPAD = the byte 0x5C repeated B times. HMAC is computed by H(K XOR OPAD, H(K XOR IPAD, inputdata)). HMAC has the following goals: To use available cryptographic hash functions without modification, particularly functions that perform well in software and for which software is freely and widely available. To preserve the original performance of the selected hash without significant degradation. To use and handle keys in a simple way. To have a well understood cryptographic analysis of the strength of the mechanism based on reasonable assumptions about the underlying hash function. To enable easy replacement of the hash function in case a faster or stronger hash is found or required.