**HMAC Concept**

Figure: Basic block diagram of HMAC

HMAC stands for Hash Message Authentication Code. It is a specific technique for calculating a message authentication code (MAC) that combines a cryptographic hash function with a secret key.

**HMAC Structure & Implementation**

Figure: HMAC Structure

Figure: HMAC Implementation

**HMAC Algorithm**

1. Append zeros to the left end of $K$ to create a b-bit string $K^{+}$.
2. XOR (bitwise exclusive-OR) $K^{+}$ with ipad to produce the b-bit block $S_i$.
3. Append $M$ to $S_i$.
4. Apply H to the stream generated in step 3.
5. XOR $K^{+}$ with opad to produce the b-bit block $S_o$.
6. Append the hash result from step 4 to $S_o$.
7. Apply H to the stream generated in step 6 and output the result.

**HMAC Algo Step by Step Explanation**

**Step – 1:** Make the length of $K^{+}$ equal to b.

If length of $K$ < b: add 0 bits as required to the left of $K$.

If length of $K$ = b: in this case, we do not take any action, and proceed to step 2.

If length of $K$ > b: we need to trim $K$. To do this, we pass $K$ through the message-digest algorithm (H) selected for this particular instance of HMAC.

**Step – 2:** XOR $K^{+}$ with ipad to produce $S_i$.

XOR $K^{+}$ (the output of step 1) and ipad to produce a variable called $S_i$.

Here ipad = 00110110 (36 in hexadecimal) repeated b/8 times.

Equation: $K^{+} \oplus \text{ipad} = S_i$

**Step – 3:** Append original message $M$ to $S_i$.

Take the original message ($M$) and simply append it to the end of $S_i$.

Equation: $[(K^{+} \oplus \text{ipad}) \,\|\, M] = S_i \,\|\, M$

**Step – 4:** Apply message-digest algorithm

The selected message-digest algorithm (e.g. MD5, SHA-1, etc.) is applied to the output of step 3.

Equation: $H[(K^{+} \oplus \text{ipad}) \,\|\, M] = H(S_i \,\|\, M)$

**Step – 5:** XOR $K^{+}$ with opad to produce $S_o$.

XOR $K^{+}$ (the output of step 1) with opad to produce a variable called $S_o$.

Here opad = 01011100 (5C in hexadecimal) repeated b/8 times.

Equation: $K^{+} \oplus \text{opad} = S_o$

**Step – 6:** Append H to $S_o$.

Append the message digest calculated in step 4 to the end of $S_o$.

Equation: $(K^{+} \oplus \text{opad}) \,\|\, H[(K^{+} \oplus \text{ipad}) \,\|\, M] = S_o \,\|\, H(S_i \,\|\, M)$

**Step – 7:** Apply message-digest algorithm

The selected message-digest algorithm (e.g. MD5, SHA-1, etc.) is applied to the output of step 6 (i.e. to the concatenation of $S_o$ and H). The result is the MAC.

Equation: $\text{HMAC}(K, M) = H[(K^{+} \oplus \text{opad}) \,\|\, H[(K^{+} \oplus \text{ipad}) \,\|\, M]]$
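The seven steps above, carried out byte by byte and cross-checked against Python's standard `hmac` module. This is an added example, not code from the original page; the function names `hmac_steps` and `verify` and the sample message are made up for illustration. It follows RFC 2104, which places the zero padding after the key bytes, and that is the layout needed to match standard implementations.

```python
import hashlib
import hmac  # standard library, used only to cross-check and for compare_digest


def hmac_steps(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Compute HMAC(K, M) by following steps 1-7 literally."""
    def H(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    b = hashlib.new(hash_name).block_size  # block size in bytes (64 for SHA-256)

    # Step 1: build K+ of exactly b bytes.
    if len(key) > b:
        key = H(key)                    # key longer than one block: hash it first
    k_plus = key.ljust(b, b"\x00")      # RFC 2104: zero bytes go after the key

    # Step 2: S_i = K+ XOR ipad (0x36 repeated for the whole block)
    s_i = bytes(x ^ 0x36 for x in k_plus)
    # Steps 3-4: inner digest H(S_i || M)
    inner = H(s_i + message)
    # Step 5: S_o = K+ XOR opad (0x5C repeated for the whole block)
    s_o = bytes(x ^ 0x5C for x in k_plus)
    # Steps 6-7: outer digest H(S_o || inner) is the MAC
    return H(s_o + inner)


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the MAC and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(hmac_steps(key, message, hash_name), tag)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"  # constructed sample message
    # Constructed keys covering all three cases of step 1: < b, = b, > b.
    for k in (b"short-key", b"k" * 64, b"K" * 200):
        tag = hmac_steps(k, msg)
        matches = tag == hmac.new(k, msg, hashlib.sha256).digest()
        print(len(k), tag.hex(), "matches stdlib:", matches)
    good = hmac_steps(b"short-key", msg)
    print("valid tag accepted:", verify(b"short-key", msg, good))
    print("tampered message accepted:", verify(b"short-key", msg + b"0", good))
```
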

**Pros & Cons of HMAC**

**Pros:**

HMACs are faster to compute and verify than digital signatures because they use hash functions rather than public-key operations.

HMACs can be used in some cases where the use of public key cryptography is prohibited.

HMACs are much smaller than digital signatures.

**Cons:**

Key exchange is the main issue, so HMAC cannot prevent message replay attacks.

HMAC cannot be used if the number of receivers is greater than one.

If multiple parties share the same symmetric key, how does a receiver know that the message was prepared and sent by the sender?
