keyed hash
A cryptographic hash (e.g., [R1828]) in which the mapping to a hash result is varied by a second input parameter that is a cryptographic key. (See: checksum.)
Senses
(I)
A cryptographic hash (e.g., [R1828]) in which the mapping to a hash result is varied by a second input parameter that is a cryptographic key. (See: checksum.)
Tutorial: If the input data object is changed, a new, corresponding hash result cannot be correctly computed without knowledge of the secret key. Thus, the secret key protects the hash result so it can be used as a checksum even when there is a threat of an active attack on the data. There are two basic types of keyed hash:
- A function based on a keyed encryption algorithm. Example: Data Authentication Code.
- A function based on a keyless hash that is enhanced by combining (e.g., by concatenating) the input data object parameter with a key parameter before mapping to the hash result. Example: HMAC.
References
- IETF RFC 4949 (Internet Security Glossary)Jan 06, 2026RFC 4949 — Internet Security Glossary (Version 2)https://www.rfc-editor.org/rfc/rfc4949.txtRFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.Source: IETF RFC 4949 (rfc-editor.org).