Hash-based Message Authentication Code
(HMAC)
HMAC stands for “Hash-based Message Authentication Code”.
HMAC has been chosen as a mandatory security implementation for the Internet Protocol (IP) security,
and is also used in Secured Socket Layer
(SSL) protocol, widely used on internet.
The fundamental idea behind HMAC is to reuse the existing
message-digest algorithms, such as MD5 or SHA-1. HMAC work with any message
digest algorithm. That is, it treats message digest as a black box. Additionally,
it uses the shared symmetric key to encrypt the message digest, which produce
the output MAC.
The
Working of HMAC: - Various variables that will be used in
HMAC working:
MD
= The message digest/ hash function used (e.g. MD5, SHA-1 etc.)
M = The input message whose MAC will be
calculated.
L = The
number of blocks in the message M.
B = The number of bits in each block.
K = The shared symmetric key to be used in
HMAC.
Ipad = A string 00110110 repeated b/8
times.
Opad = A string 01011010 repeated b/8
times.
1) Make the length of K equal to b The
algorithm will starts with three possibilities, depending on the length of the
key K:
·
Length of K < b in this case, we need to
expand the key (K) to make the length of K equal to the number of bits in the original
message block.
·
Length of K = b in this case we will take no
action.
·
Length of K > b in this case we need to trim
K to make the length of K equal to the number of bits in the original block (I.e.
b)
2) XOR K
with ipad to produce S1.
3) Append
M to S1
4) Select
message digest algorithm (e.g. MD5, SHA-1. Etc.)
5) XOR K
with opad to produce S2
6) Append
H to S2
7) Use
message digest algorithm
1 comments:
simple and easy :)