Message Authentication Codes

Protecting the integrity of a payload is done via the use of a Message Authentication Code (MAC) also called a keyed-hash. Which one to use and how to use one securely? This is what this page is about.

Can I use SHA-2(k || M) as a MAC?

No. This is vulnerable to a key-length extension.

Can I use SHA-2(k || M || k) as a MAC?

If done correctly, yes. But it is not straight-forward to implement. So better use HMAC() or KMAC().

Are HMAC-MD5 or HMAC-SHA1 insecure?

No. Since HMAC relies on MD5 or SHA-1's pre-image resistance. However, as attacks only get better, is it poor taste to continue using hash functions that have been broken, even in HMAC.

results matching ""

    No results matching ""