5

Preamble: I am quite new to HMACs, so please forgive me if the question is a little bit dumb.

As far as I understood, an HMAC is used to make sure that a message has not been tampered with. So basically, it serves as a hash code. But, as the hash algorithm is known, an attacker could easily calculate a new hash code for the tampered version of the message.

This is what HMACs try to solve: They provide a hash which is not only based upon the message that shall be hashed, but also on a cryptographic key. This way it is not possible to calculate a valid for the message without knowledge of the key.

Is this right so far?

My question now is: What do we need HMACs for if we can achieve the same goal using public key signing? IIRC signing works exactly the same way: Calculate a hash and sign it to make sure that nobody tampered with either the message or the hash.

So what's the point of an HMAC?

Golo Roden

1 Answer

6

An HMAC is smaller in size and takes much less CPU to compute and verify than any known public key operation for comparable security levels.

David Schwartz
  • Okay, but conceptually it's the same? – Golo Roden Jan 17 '13 at 05:26
  • 2
    No, not really. A public key signature associates an identity with a signature that can be checked by someone with whom you have no shared secret. An HMAC just allows tampering to be detected by someone with whom you do have a shared secret. – David Schwartz Jan 17 '13 at 05:31
  • Then I have not yet understood their meaning. If I have a shared secret anyway, why not just encrypt/decrypt using AES, e.g.? – Golo Roden Jan 17 '13 at 05:35
  • 1
    That's what you usually do. You use a symmetric cipher like AES to do the encryption/decryption and an HMAC to do verification or to detect tampering. If you don't have a shared secret, you use some public key operation to get one. Cryptographic primitives are rarely used alone. – David Schwartz Jan 17 '13 at 05:39
  • 1
    @golo-roden AES by itself does not tell if any byte has been removed or modified, which is the function of a MAC; HMAC is one type of MAC. CMAC is another MAC which can be built entirely with AES. However, HMAC is much more widespread and easier to use. – SquareRootOfTwentyThree Jan 17 '13 at 06:38
  • 3
    @GoloRoden Encryption provides confidentiality, a MAC provides authentication and prevents modification. In practice you should use some kind of authenticated encryption, which combines a cipher and a MAC. – CodesInChaos Jan 17 '13 at 12:40
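
The distinction discussed in this thread, as an added example that is not part of the original question, answer or comments: a receiver that checks an unkeyed SHA-256 digest accepts an altered message whose digest was simply recomputed, while a receiver that checks an HMAC under a shared key rejects it. The messages, key size and function names are constructed for illustration; only Python's standard `hmac`, `hashlib` and `secrets` modules are used.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag size: 32 bytes


def plain_hash_tag(message: bytes) -> bytes:
    """Unkeyed digest: anyone who sees the message can recompute it."""
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag: computing it requires the shared secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_plain(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_hash_tag(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the check does not leak
    # how many leading bytes of a submitted tag were correct.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)                   # secret shared by sender and receiver
    original = b"transfer 10 EUR to account 1234"   # constructed sample message
    altered = b"transfer 99 EUR to account 1234"    # constructed modified copy
    good_tag = hmac_tag(key, original)

    # A party without the key can still recompute the unkeyed digest...
    recomputed_plain = plain_hash_tag(altered)
    # ...but can only guess at a key for the HMAC.
    guessed_tag = hmac_tag(secrets.token_bytes(32), altered)

    return {
        "plain_accepts_altered": verify_plain(altered, recomputed_plain),
        "hmac_accepts_original": verify_hmac(key, original, good_tag),
        "hmac_accepts_altered_with_old_tag": verify_hmac(key, altered, good_tag),
        "hmac_accepts_altered_with_guessed_key": verify_hmac(key, altered, guessed_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
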