Contents
Do we have to use a key with a fixed size in HMAC if so what is the key size if not why?
The key for HMAC can be of any length (keys longer than B bytes are first hashed using H). However, less than L bytes is strongly discouraged as it would decrease the security strength of the function. Keys longer than L bytes are acceptable but the extra length would not significantly increase the function strength.
How is an HMAC different than a hash?
They are message encryption, message authentication code, and hash functions. The major difference between MAC and hash (HMAC here) is the dependence of a key. In HMAC we have to apply the hash function along with a key on the plain text. The hash function will be applied to the plain text message.
What is the point of HMAC?
Hash-based message authentication code (HMAC) is a mechanism for calculating a message authentication code involving a hash function in combination with a secret key. This can be used to verify the integrity and authenticity of a a message.
What’s the difference between a salt and a HMAC?
An HMAC incorporates additional secret data in the form of a key. This key is combined with the message in a much deeper way than a salt, and may be used in addition to a simple salt of the message.
What’s the difference between HMAC and a keyed hash?
HMAC is a Message Authentication Code, which is meant for verifying integrity. This is a totally different kind of beast. However, it so happens that HMAC is built over hash functions, and can be considered as a “keyed hash” — a hash function with a key.
Can a secret salt be used to authenticate a message?
A “secret salt” for a public message, to produce a tamper-proof authenticated hash would work in theory, but in practice our hash functions are imperfect, and when used in this way they are vulnerable to attacks that add data to the original message and change the hash in a predictable way (a “length extension attack”).
Which is better a key or a salt?
A key is not a salt (keys are secret, salts are not). But the unique characteristics of HMAC make it a reasonable building block for other functions, which is what happens in PBKDF2: that’s a key derivation function, commonly subverted into password hashing (a role for which it appears to be adequate).