Hash based Message authentication code (HMAC)

This algorithm involves a cryptographic hash function and a secret cryptographic key. This is more secure than any other authentication code.

HMAC uses the algorithm like MD5 and SHA and checks to replace the embedded hash function with more secure hash function.

Working:

1. HMAC starts with taking a message M containing blocks (L) of length b bits.
2. An i/p signature is padded to the left of the message and the whole is given as input to the hash function which gives a temporary message digest MD'.
3. MD' again is appended to an o/p signature and the whole is applied a hash function again. The result is final message digest MD.

Steps:

1. Make length of key k=b

There are three possibilities.

• k < b
• k = b
• k > b

if k < b then expand 'k' such that it is equal to 'b'

if k = b then no change

if k > b then compress k such that k =b

1. Generation of i/p and o/p signature

$S_i = k^+⊕ ipad$

$S_o = k^+ ⊕ opad$

• Where $k^+$ is k padded with zeros on the left so that the result is b bits in length.

• ipad and opad are 0011 0110 & 0101 1010 respectively taken b/8 times respectively.

where,

H = Hash function

M = Original Message

$s_i$ = Input signature

$s_o$ = Output signature

$Y_i$ = $i^{th}$ block in original message M where (i = 1 to 2 )

L = N of blocks in MD

K = Secret key for hashing

IV = Initial vector (some constant)

MD' = Temporary message digest = H($S_i$ || M)

MD = Final message digest = H($S_o$ || M') or H($S_0$ || H($S_i || M$))