Explain HMAC algorithm in brief?

It is specified as Internet standard RFC2104 . It uses hash function on the message:
HMACK = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad)||M)]]

  • where K+ is the key padded out to size
  • and opad, ipad are specified padding constants
  • overhead is just 3 more hash calculations than the message needs alone
  • any hash function can be used
    • – eg. MD5, SHA-1, RIPEMD-160, Whirlpool

Fig. HMAC Structure

HMAC Security:

  1. proved security of HMAC relates to that of the underlying hash algorithm
  2. attacking HMAC requires either:
    • brute force attack on key used
    • birthday attack (but since keyed would need to observe a very large number of messages)
  3. choose hash function used based on speed verses security constraints

Leave a Reply

Your email address will not be published. Required fields are marked *