Techabulary

Hash-based Message Authentication Code (HMAC)

HMAC is a specific type of MAC function.

HMAC, sometimes also called Keyed-Hash Message Authentication Code, refers to a MAC function that uses a hash function along with a key in order to produce a cryptographically secure value. It is defined in RFC 2104 and generalized in FIPS 198-1.

HMAC is considered to be a more robust form of MAC than merely hashing a key with some input data. Whereas a trivial MAC might be something like this:

Generic MAC

HASH(key || message)
    || = concatenation

The HMAC is defined like this:

HMAC

HASH( (K ^ opad) || HASH((K ^ ipad) || message) )
    ^ = XOR operation
    || = concatenation
    K = the key or HASH(key) if the key length > hash function block size

Note that in many texts you will see references to HMAC written in a form like "HMAC-SHA256". What this refers to is the use of the HMAC algorithm with SHA-256 as the underlying hash function.
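The construction above written out in Python, as an added example (not code from RFC 2104 or from the original page). It also applies two details RFC 2104 specifies that the formula leaves implicit: K is right-padded with zero bytes to the hash block size, and ipad/opad are the bytes 0x36 and 0x5c repeated. The function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac  # standard library: reference HMAC and constant-time comparison


def generic_mac(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """The trivial MAC shown above: HASH(key || message)."""
    return hashlib.new(hash_name, key + message).digest()


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HASH((K ^ opad) || HASH((K ^ ipad) || message)), following RFC 2104."""
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-256, 128 for SHA-512
    # K = HASH(key) if the key is longer than one block, otherwise the key itself.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    # K is then zero-padded on the right to exactly one block.
    k = key.ljust(block_size, b"\x00")
    k_ipad = bytes(b ^ 0x36 for b in k)  # K ^ ipad
    k_opad = bytes(b ^ 0x5C for b in k)  # K ^ opad
    inner = hashlib.new(hash_name, k_ipad + message).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time, never with ==."""
    return hmac.compare_digest(hmac_manual(key, message, hash_name), tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample key
    msg = b"amount=100&to=alice"    # constructed sample message
    tag = hmac_manual(key, msg)     # this is "HMAC-SHA256"
    print("HMAC-SHA256 :", tag.hex())
    print("matches stdlib:", tag == hmac.new(key, msg, hashlib.sha256).digest())
    print("generic MAC :", generic_mac(key, msg).hex())
    print("tampered message accepted:", verify(key, b"amount=900&to=alice", tag))
```

Because of the K rule, a key longer than the block size and the hash of that key produce the same tag, so long keys add no strength beyond the hash output length.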

Resources: RFC 2104, FIPS 198-1

See Also: Hash Function, Message Authentication Code (MAC)