What exactly is the HMAC algorithm?
Before looking at how HMAC works, where it is applied, or its formula, it is essential to know what exactly HMAC is. By definition, HMAC refers to Keyed-Hashing for Message Authentication. It is a MAC obtained by running a hash function over the data and a shared secret key.
The definition and analysis of the HMAC construction date back to 1996, when it was first published in a paper. The 1996 paper that introduced HMAC also defined NMAC. FIPS generalized and standardized the use of HMACs.
HMAC can be applied in a number of scenarios; some of them are,
The working basically involves providing the requestor and the server involved with a private key that is known only to them. The requestor makes a different hash for each and every request. When the client makes a request, the requisite data is hashed with the shared private key, and the result is sent as part of the request. HMAC is considered secure because the key and the message are hashed in separate steps. Whenever the server receives a request, it makes its own HMAC. The client is taken to be legitimate only when both HMACs are equal.
The formula for working with HMAC goes as follows
HMAC = hashfunc(secretkey message)
Firstly, the authentication function is of three types, namely
∙ Message Authentication Code
In HMAC, the hash function is applied to the plain text together with a key. But before the function is applied, the S bits must be calculated and affixed to the plain text; only then is the hash function applied. Those S bits are generated using a key that is shared between the sender and the receiver.
In Brief, they can be said as,
The Procedure in detail can be explained as,
The padded K is generated from K by padding 0's on the left side until its length becomes b bits, where b bits is the block size of the plain text. ipad and opad are the two padding bit patterns, which are defined well in advance. Most importantly, all of this is finished before the hash function is applied.
ipad – 00110110, opad – 01011100
Now there is a need for the calculation of S bits
The S1 bits are obtained when the padded K is XORed with ipad. The resulting S1 is b bits long. This is obvious, since both the padded K and ipad are made up of b bits. Let the plain text message be P, to which we have to append S1.
From S1 to Pm, each block is b bits long.
Here m is the number of blocks of plain text,
and p0 is a block of plain text, with b being the block size of the plain text.
The hash algorithm is applied after attaching S1 to the plain text.
The result is thus an n-bit hash code.
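The procedure above, carried through in Python as an added example (not code from the original article). It follows RFC 2104, so it also performs the second pass with opad and appends the zero padding at the end of the key, and it adds the server-side comparison described earlier. The function names, key and request string are constructed for illustration.

```python
import hashlib
import hmac

IPAD = 0x36  # 00110110, the ipad byte given above
OPAD = 0x5C  # 01011100, the opad byte given above


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Compute an HMAC step by step (hypothetical helper, RFC 2104 layout)."""
    b = hashlib.new(hash_name).block_size  # block size b in bytes (64 for SHA-256)

    # RFC 2104: a key longer than one block is hashed first.
    if len(key) > b:
        key = hashlib.new(hash_name, key).digest()
    # Pad K with zero bytes until it is exactly b bytes long.
    # RFC 2104 appends the zeros at the end of the key.
    k_padded = key.ljust(b, b"\x00")

    # S1 = padded K XOR ipad, S2 = padded K XOR opad (pad byte repeated b times).
    s1 = bytes(x ^ IPAD for x in k_padded)
    s2 = bytes(x ^ OPAD for x in k_padded)

    # Inner hash over S1 || P, then outer hash over S2 || inner digest.
    inner = hashlib.new(hash_name, s1 + message).digest()
    return hashlib.new(hash_name, s2 + inner).digest()


def server_verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Server side: recompute the HMAC and compare it in constant time."""
    expected = hmac_manual(key, message)
    return hmac.compare_digest(expected, received_tag)


# Constructed sample values, not from the original page.
SHARED_KEY = b"constructed-demo-key"
REQUEST = b"GET /account/42?ts=1700000000"

if __name__ == "__main__":
    tag = hmac_manual(SHARED_KEY, REQUEST)  # the client computes the tag
    reference = hmac.new(SHARED_KEY, REQUEST, hashlib.sha256).digest()
    print("tag:", tag.hex())
    print("matches standard library:", tag == reference)
    print("valid request accepted:", server_verify(SHARED_KEY, REQUEST, tag))
    print("tampered request accepted:",
          server_verify(SHARED_KEY, REQUEST + b"&admin=1", tag))
```

The constant-time comparison matters on the server: an ordinary `==` on the two tags can leak, through timing, how many leading bytes of a forged tag were correct.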
HMACs are considered secure by many; besides this, they have many advantages, like,
Though there are many advantages, HMACs are not free of disadvantages. Some of them are,
The usage of HMAC is considered to be secure. But the fact to be considered is that, in this modern era, even the most secure things are sometimes not enough to keep us safe, and HMAC is no exception to this. Though there are some loopholes in this system, they are going to be overcome in the near future. It is desirable for one to have a sound knowledge of this.