Message Authentication Code (MAC)

A Message Authentication Code (MAC) is a value that provides some level of assurance that some given input data is authentic or, at the very least, serves to provide some level of integrity check. Sometimes, this value is called an "authentication tag" (e.g., see RFC RFC3711).

To better understand the role of a Message Authentication Code (MAC), consider an application that encrypts data. When decrypting, how can one be sure that the output matches the original file? This is where a MAC is handy. Often placed at the end of a file, a MAC can tell the software decrypting the file if the file has been altered in any way. This provides assurance to the user that the decrypted file is correct and matches the originally encrypted file.

One such algorithm to produce a MAC is called HMAC and takes a cryptographic key as input along with the data to produce a cryptographically secure value that can be verified by anyone with the original key. HMAC can be used with a variety of hash functions.

See Also: Hash Function, Hash-based Message Authentication Code (HMAC)