HMAC stands for Hash-based Message Authentication Code. It is a specific type of message authentication code (MAC) used in cryptography to verify both the data integrity and authenticity of a message. HMAC uses a cryptographic hash function and a secret cryptographic key to provide authentication using a shared secret instead of using digital signatures with asymmetric cryptography. It is used to ensure that the contents of a connection remain private and that the packets received have not been tampered with.
HMAC keys consist of two parts: cryptographic keys and a hash function. The cryptographic keys are used to encrypt and decrypt the message, while the hash function is used to alter or digest the message. HMAC uses generic cryptographic hash functions, such as SHA-1, MD5, or RIPEMD-128/60.
HMAC is used within the IPsec, SSH, and TLS protocols and for JSON Web Tokens. It is also suitable for Internet of Things (IoT) environments and regulated industries, like healthcare or finance.
The design of the HMAC specification was motivated by the existence of attacks on more trivial mechanisms for combining a key with a hash function. HMAC provides dual levels of protection, making it ideal for applications involving sensitive data, like personally identifiable information or credit card numbers.
