Message Authentication Codes (MAC)

Hash, or digest, computed with a key.

• Only key-holders can generate and validate the MAC.

Used to authenticate messages.

• M’ = M | MAC(M)

Approaches

Encryption of an ordinary digest.

• Using, for instance, a symmetric block cipher.

• Using encryption with feedback & error propagation.

  • ANSI X9.9 (or DES-MAC) with DES CBC (64 bits).

  • CBC-MAC

Adding a key to the hashed data.

• Keyed-MD5 (128 bits).

  • MD5(K, keyfill, text, K, MD5fill).

• HMAC (Hashed-based MAC).

  • Generic construction, uses a hash function H.

  • Output length depends on H.

  • HMAC-MD5, HMAC-SHA, etc.

• H ( K, opad, H ( K, ipad, text ) )

• ipad = 0x36 B times

• opad = 0x5C B times