Questions tagged [hmac]

a method for constructing a message authentication code based on a cryptographic hash function.

HMAC (Hash-based Message Authentication Code) is a method constructing a message authentication code based on a cryptographic hash function. The HMAC construction was published in 1996 by Mihir Bellare, Ran Canetti and Hugo Krawczyk. It is standardized in RFC 2104.

The HMAC construction can be used with any cryptographic hash function. Common examples include HMAC-SHA1, HMAC-SHA-256 and, in older use, HMAC-MD5.

HMAC can be proven to be secure as long as the hash function satisfies some rather mild security assumptions. In the original 1996 paper the security of HMAC was proven based on the assumption that the hash is a "weakly collision resistant" iterated hash function and that its compression function is a pseudo-random function (PRF).

In 2006 Mihir Bellare published a new security proof of HMAC based solely on the assumption that the compression function is a PRF or, alternatively, that the hash is "computationally almost universal" and that the compression function is a privacy-preserving MAC. In particular, the new proof shows that, despite the practical collision attacks known against the MD5 hash function, the HMAC-MD5 construction remains secure (at least as long as no new attacks are discovered).

282 questions

265

votes

7 answers

Password Hashing: add salt + pepper or is salt enough?

Please Note: I'm aware that the proper method for secure password storage hashing is either scrypt or bcrypt. This question isn't for implementation in actual software, it's for my own understanding. Related How to apply a pepper correctly to…

asked Apr 22 '11 at 09:53

Jacco

7,402
4
32
53

184

votes

5 answers

How and when do I use HMAC?

I was reading HMAC on wikipedia and I was confused about a few points. Where do I use HMAC? Why is the key part of the hash? Even if someone successfully used a "length-extension attack", how would that be useful to the attacker?

hmac

asked Sep 13 '12 at 11:22

user5575

votes

4 answers

What are requirements for HMAC secret key?

I'm creating HTTP REST service which will be available over tls only. For authentication purposes I plan to generate JWT token for every user using HMAC HS256. I need a secret key for HMAC. What are the requirements for secret key? Do I need a long…

key-generation hmac sha256

asked Aug 05 '15 at 10:49

ivstas

votes

2 answers

What's the difference between HMAC-SHA256(key, data) and SHA256(key + data)

Is there anything different about how secure these two hashing algorithms are? Does HMAC "fuse" the data and the key in a special way that's more security-aware?

hmac

asked Jan 20 '15 at 03:19

phillips1012

votes

2 answers

Salted hashes vs HMAC?

Most of discussions involving access credentials include references to "hashing salted passwords". Is this another way to referring to the HMAC algorithm or a totally different operation? Different or not, why not using HMAC since this is easily…

passwords hash password-management hmac algorithm

asked Jan 30 '13 at 14:01

Drew Lex

2,013
2
19
24

votes

1 answer

Why can't I use the same key for encryption and MAC?

I wrote a simple file encryption program as an example of how to do encryption correctly, but after reading a questions about encryption + MAC, I think I made a mistake by using the same key for both. I'm about to fix my program to generate a longer…

encryption hmac

asked Jun 22 '13 at 17:27

Brendan Long

2,878
1
19
27

votes

1 answer

When to use HMAC alongside AES?

One of my clients wants to provide an URL to each of his customers to register in a system. This URL would contain a query string parameter with some data (e.g. code, email and name) from his clients encrypted using AES with CBC, similar to this (IV…

cryptography aes hmac

asked Jul 14 '14 at 21:06

Guilherme Sehn

votes

3 answers

Is a HMAC-ed password is more secure than a bcrypt-ed or scrypt-ed password?

Given an option , which one should I choose , a HMAC for storing a password securely or a bcrypt or scrypt library?

passwords hash bcrypt scrypt hmac

asked Jul 04 '12 at 10:51

user917279

votes

1 answer

Why a symmetric key for HMAC?

I am working on securing a RESTful API and am using the Amazon AWS HMAC model as my guide. I am struggling with coming up with a secure way to store the symmetric keys on my end. What is the standard practice? This is a Java web app running in a…

hmac rest asymmetric

asked Apr 26 '13 at 12:42

user25231

votes

2 answers

Timing attack against HMAC in authenticated encryption?

In an answer to another question of mine, it was noted that a class using standard string comparison functions when checking the HMAC in authenticated encryption would make the class vulnerable to timing attacks against the HMAC. I can't wrap my…

encryption hmac timing-attack

asked Dec 08 '14 at 15:42

Monika

1,092
1
10
21

votes

3 answers

Securing a multi-tenant, multi-database REST API

I am looking to improve the security of an existing REST API accessed over SSL. The web service is multi-tenant, such that each tenant has an assigned TenantId. The problem I facing can be summarized as: How can I determine the tenant? How can I…

oauth rest hmac json

asked Jan 23 '15 at 14:27

Rebecca

votes

1 answer

FIDO, U2F Compatibility

I've been following the FIDO standard (a consumer-friendly public-key system similar to SSH key pairs) and it appears that it's close to being complete: both Google and PayPal have been testing it internally for some time, the just-announced Samsung…

hmac one-time-password yubikey fido

asked Apr 01 '14 at 18:31

Indolering

votes

1 answer

When authenticating ciphertexts, what should be HMACed?

Some have argued for using AES-256-CTR with HMAC-SHA-256 for authenticated encryption over AEAD-specific modes like EAX and GCM. However, when doing, this, what should be HMAC'd? And how? Specifically: Should a key different from the encryption key…

encryption authentication hmac

asked Sep 20 '12 at 23:26

Stephen Touset

5,736
1
23
38

votes

1 answer

Security for REST api (user/pass auth vs hmac vs oauth)

I have two servers (one on Hetzner (I am calling it H) and other in my office (calling it O) ). I need to run a basic CRUD web service on O and the only consumer of the service is H. Data on O is sensitive user data. This is a temporary duct tape…

authentication rest hmac

asked Jul 30 '13 at 13:01

Abhinav Kaushik

votes

2 answers

JWT: Choosing between HMAC and RSA

It is my understanding that HMAC is a symmetric signing algorithm (single secret key) whereas RSA is an asymmetric signing algorithm (private/public key pair). I am trying to choose between these 2 methods for signing JSON Web Tokens. However, I…

digital-signature rsa hmac jwt

asked Oct 25 '19 at 04:41

4Matt

2 3

…

18 19 Next