HMAC

A keyed hash [R2104] that can be based on any iterated cryptographic hash (e.g., MD5 or SHA-1), so that the cryptographic strength of HMAC depends on the properties of the selected cryptographic hash. (See: [R2202, R2403, R2404].)

Derivation: Hash-based MAC. (Compare: CMAC.)

Tutorial: Assume that H is a generic cryptographic hash in which a function is iterated on data blocks of length B bytes. L is the length of the of hash result of H. K is a secret key of length L <= K <= B. The values IPAD and OPAD are fixed strings used as inner and outer padding and defined as follows: IPAD = the byte 0x36 repeated B times, and OPAD = the byte 0x5C repeated B times. HMAC is computed by H(K XOR OPAD, H(K XOR IPAD, inputdata)).

HMAC has the following goals:

• To use available cryptographic hash functions without modification, particularly functions that perform well in software and for which software is freely and widely available.
• To preserve the original performance of the selected hash without significant degradation.
• To use and handle keys in a simple way.
• To have a well-understood cryptographic analysis of the strength of the mechanism based on reasonable assumptions about the underlying hash function.
• To enable easy replacement of the hash function in case a faster or stronger hash is found or required.