Message authentication codes (MACs), and the HMAC construction in particular, give you assurance that a message you receive is authentic and unaltered. A MAC tag attached to a message lets the recipient check:
- that the message came from someone who holds the shared secret key
- that no one intercepted and altered the message as it traveled
A MAC does not hide the message's contents, and it says nothing about whether those contents are safe: a correctly tagged message can still carry harmful code. Confidentiality requires encryption, which is a separate operation.
MACs appear in many different types of data communication. When data is sent, whether a text message, a file download, or a shopping order, the sender computes a fixed-length tag over it using a secret key. The data itself is not encrypted by this step; only the tag is produced. Should someone intercept the message and add to or change it, the tag the recipient computes no longer matches the tag that arrived. The mismatch alerts the recipient that the data was altered, and the tag itself reveals nothing useful about the message or the key.
MAC and HMAC are closely related. HMAC is one specific way of building a MAC from a cryptographic hash function, designed to avoid the weaknesses of naive hash-based constructions. We’ll discuss the relationship between the two that you need to know to take full advantage of them.
What does MAC do?
A MAC algorithm takes a secret key and a message and produces a short tag. Anyone holding the same key can recompute the tag to verify the integrity and authenticity of data being stored or sent over a network. Hash-based MACs build this tag from a hashing algorithm.
Let’s say you send a text message to a friend, and the two of you share a secret key. First, your plain text message and the key go through the MAC algorithm, which produces a fixed-length string of numbers and letters. That string will always be the same as long as the key and the message are the same, and any change to the message, even a single character, will drastically alter the output. This string is the message authentication code, or tag. It is sometimes loosely called a checksum, but unlike an ordinary checksum or plain hash it cannot be recomputed by anyone who does not hold the key.
After adding the tag to the message, the message travels to the recipient. The recipient recomputes the tag over the received message with the same key. If it matches the tag from the sender, the recipient knows the message is authentic. The chance that a different message yields the same tag is negligible, so if the message has been altered, the two tags will differ.
MACs help provide an authenticated channel between the sender and the recipient. Because the message must pass through multiple networks and servers from beginning to end, many third parties could tamper with it. The MAC tag lets the recipient detect any alteration made along the way. Note that a MAC by itself does not stop an attacker from replaying an old, validly tagged message; protocols that use MACs add sequence numbers, timestamps, or nonces for that.
MAC keys are often stored in a hardware security module (HSM), a hardware device that handles particularly sensitive key material. An HSM can compute tags on the host’s behalf so the key never leaves the device, and it also provisions cryptographic keys for encryption and authentication.
Both the sender and recipient run the message through the same MAC algorithm with the same key, which is what lets them generate the same tag. If the recipient cannot produce a tag that matches the one on the message, the recipient knows that the message or the tag was altered, or that the sender did not hold the key. The comparison should be done in constant time, so that an attacker cannot learn a valid tag byte by byte from how long the check takes.
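The difference between an unkeyed checksum and a real keyed MAC, as an added example that is not code from the original article. The message and the 32-byte key are constructed for the demonstration, and Python's standard hmac module stands in for "the MAC algorithm":

```python
import hashlib
import hmac
import os

# Constructed sample message (not from the original article).
MESSAGE = b"pay 250.00 to account 1234-5678"


def checksum(message):
    """An unkeyed hash, what the text calls a checksum. Anyone can recompute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key, message):
    """A real MAC: the tag depends on a secret key that only sender and recipient hold."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key, message, tag):
    # compare_digest takes the same time whether the mismatch is in byte 0 or byte 31,
    # so an attacker cannot learn a valid tag byte by byte from response timing.
    return hmac.compare_digest(mac_tag(key, message), tag)


def interceptor_alters(message, tag, keyed):
    """What an on-path attacker who does NOT hold the key can do under each scheme."""
    altered = message.replace(b"1234-5678", b"9999-0000")
    if not keyed:
        return altered, checksum(altered)   # just recompute the unkeyed hash
    return altered, tag                      # best effort: forward the old tag unchanged


def demo():
    key = os.urandom(32)   # shared out of band beforehand, e.g. via a key-agreement protocol
    # Scheme 1: unkeyed checksum. The forgery is accepted.
    altered, new_sum = interceptor_alters(MESSAGE, checksum(MESSAGE), keyed=False)
    checksum_accepts_forgery = checksum(altered) == new_sum
    # Scheme 2: keyed MAC. The genuine message verifies, the altered one does not.
    tag = mac_tag(key, MESSAGE)
    altered, old_tag = interceptor_alters(MESSAGE, tag, keyed=True)
    mac_accepts_original = mac_verify(key, MESSAGE, tag)
    mac_accepts_forgery = mac_verify(key, altered, old_tag)
    return checksum_accepts_forgery, mac_accepts_original, mac_accepts_forgery


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The attacker's only move against the keyed scheme is to forward the old tag, which fails because the tag was computed over the original bytes; recomputing it would require the key.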
Benefits of MAC
Because so many networks and pieces of hardware make up the internet, and because messages travel through many of them, MACs are vital to sending and receiving sensitive data. Without a MAC, you could not be sure that the data is legitimate and that it came from a party holding the key.
A MAC gives the recipient confidence that the sender holds the shared secret. If only two parties hold that secret, the recipient knows the other party generated the data.
Along the same lines, because a MAC detects any alteration of the message on its way to the recipient, you don’t have to worry that what the recipient received differs from what the sender sent. A MAC catches both deliberate tampering by an attacker and accidental corruption in transit.
Real life example of benefits of using MAC
Let’s say a business associate needs to gain access to one of your bank accounts to send a secure payment. You decide to provide access by sending a message to the associate that contains the account name.
A MAC lets you do this safely. When you attach a MAC tag to your message, you allow the recipient to trust that someone holding the key (you) sent the message and that the data arrived unaltered.
If a hacker managed to intercept the message and wanted to try to trick your business associate into sending the payment to a different account, the hacker might change the message’s contents before sending it on again.
However, the MAC will let the associate know that the message was altered in transit. Because the tags don’t match, the associate’s messaging app will flag the message as compromised and refuse to deliver it.
You likely use message authentication codes all the time online without realizing it, because your device checks these codes for you in the background. For example, financial institutions rely on MAC for making electronic funds transfers and to give customers access to their financial accounts.
Limitations of using MAC
Although MAC sounds almost foolproof, there are a few potential drawbacks and risks to making use of MAC.
If you and your recipient do not use the same procedure to create the MAC, the two tags will not match. You must use the same algorithm, the same key, and exactly the same message bytes on both ends. This process is usually automated and hidden from users.
To use a MAC, you must take some steps ahead of time. Both parties need the same secret key in hand before they can exchange tagged messages, so some preparation is necessary. One way to establish the key is a key-agreement protocol such as Diffie-Hellman; another is to encrypt a fresh key under the recipient’s RSA public key.
Hashing algorithms are one-way, so a tag cannot be reversed to recover its input. A MAC provides no confidentiality, though: the message itself travels in the clear alongside the tag. If the contents are sensitive, encrypt them as well.
A MAC guarantees that the message did not change between sender and recipient and that one of the parties holding the shared key generated it; it cannot say which one.
Finally, a MAC cannot provide non-repudiation. Although sender and receiver can be assured the message did not change en route, neither can prove to a third party which of them originated it, because both hold the key needed to create the tag.
Real life example of limitations of using MAC
To explain non-repudiation further: If you receive a message from a sender that includes a business proposal, and if MAC shows the message is legitimate, you might believe the sender cannot back out of the proposal later by claiming someone intercepted and changed the proposal en route. After all, the sender cannot say that the message contained altered information.
However, because MAC does not offer non-repudiation assurances, the sender could try to deny sending the message. The sender may accuse you as the recipient of creating a fake message and taking advantage of the fact that you could use MAC to make it appear as though it came from the sender.
Either the recipient or the sender could generate the MAC. There is no limitation that forces only the sending party to generate the MAC.
Of course, this is an extremely rare occurrence. Most of the time, the sender and recipient agree on who generated and sent the message, and the MAC lets the recipient verify that it came from a key holder. If you were involved in a legal battle, though, you could not use the MAC as proof in court of which of the two parties originated the message. A digital signature, made with a private key that only the signer holds, is the tool for that.
When to consider HMAC instead of MAC
Additionally, a MAC built the obvious way, by hashing the secret key followed by the message (tag = H(key || message)), is susceptible to a length extension attack when H is a Merkle-Damgård hash such as MD5, SHA-1, or SHA-256. The tag is simply the hash function’s internal state after it has absorbed the key, the message, and the padding the hash appends. An attacker who sees one valid message and its tag, and who can guess the key’s length, can resume the hash from that state and compute a valid tag for the original message followed by padding and extra data, without ever learning the key. The recipient then accepts the extended message as authentic. No lengthy setup is needed; the forgery costs a handful of hash computations.
One way to avoid the length extension attack is to use HMAC, rather than a home-grown hash-and-key construction, to tag your messages.
What does HMAC do?
HMAC is one specific type of MAC. Using a shared secret key, it applies a cryptographic hash function to the message in a particular nested way. Think of HMAC as a standard recipe for turning any hash function into a MAC.
HMAC is important because it adds a layer of security over naive hash-based MACs, guarding against things like the length extension attack.
HMAC combines the secret key with the message in two passes. It first XORs the key with a fixed inner pad and hashes that together with the message, producing an inner hash. It then XORs the same key with a different outer pad and hashes that together with the inner hash. The result is the HMAC tag attached to the message.
Upon receipt of the message, the recipient takes the same steps the sender did to create an HMAC tag. When the two HMAC tags match, the recipient can be confident that the message is in its original form and that it originated from a party holding the key.
This second, outer hash under a differently padded key is what gives HMAC protection the naive construction lacks: the inner hash’s state is never exposed, so there is nothing for an attacker to extend. HMAC is typically used with cryptographic hash functions like MD5, SHA-1, or SHA-256 to produce the tag. Some of these hash functions are no longer considered safe on their own, which may give some people pause about using HMAC with them.
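The two-pass construction described above, written out from the RFC 2104 definition as an added example (not the original article’s code) and cross-checked against Python’s hmac module; the keys and messages used are constructed test inputs:

```python
import hashlib
import hmac


def hmac_from_definition(key, message, hash_fn=hashlib.sha256):
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), as specified in RFC 2104."""
    block_size = hash_fn().block_size        # 64 bytes for MD5, SHA-1 and SHA-256; 128 for SHA-512
    # A key longer than one block is hashed down first; every key is then zero-padded to a block.
    if len(key) > block_size:
        key = hash_fn(key).digest()
    key = key.ljust(block_size, b"\x00")
    # The same key, XORed with two different fixed pads, yields the inner and outer keys.
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)
    inner_hash = hash_fn(inner_key + message).digest()
    # Hashing the inner result again under the outer key hides the inner chaining state.
    return hash_fn(outer_key + inner_hash).digest()


def matches_stdlib(key, message, hash_fn=hashlib.sha256):
    """Cross-check against Python's hmac module, using a constant-time comparison."""
    reference = hmac.new(key, message, hash_fn).digest()
    return hmac.compare_digest(hmac_from_definition(key, message, hash_fn), reference)


def matches_stdlib_all_hashes(key, message):
    """The same recipe works unchanged for MD5, SHA-1, SHA-256 and SHA-512."""
    return all(matches_stdlib(key, message, h)
               for h in (hashlib.md5, hashlib.sha1, hashlib.sha256, hashlib.sha512))


def rfc4231_case2():
    """Test case 2 from RFC 4231: key 'Jefe', HMAC-SHA-256."""
    return hmac_from_definition(b"Jefe", b"what do ya want for nothing?").hex()


if __name__ == "__main__":
    print(matches_stdlib_all_hashes(b"k" * 200, b"a long key is hashed down first"))  # True
    print(rfc4231_case2())
```

Note that the two pads are constants, not a second secret: the security comes from the key, and the distinct pads only ensure the inner and outer hashes are keyed differently.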
What are hash functions?
Because MAC relies so heavily on hash functions, it’s helpful to have an understanding of how they work.
A hash function transforms data of any size into a fixed-size value. This is the hash value, often shortened to hash. Fast, non-cryptographic hashes are used to index hash tables for quick data retrieval or storage; cryptographic hash functions, the kind a MAC needs, add the properties below.
Cryptographic hash functions work in one direction only. Given a hash function’s output, you cannot feasibly determine the original input (preimage resistance).
Because of the way the hash function works, the same data always produces the same hash value, while tweaking the data slightly produces a completely different one. It is not literally impossible for two different inputs to yield the same hash value, since there are far more possible inputs than outputs, but for a secure hash function finding such a collision is computationally infeasible.
Security of MD5, SHA-1, and SHA-2
Neither the MD5 hash function nor the SHA-1 hash function is safe for most cryptographic purposes when used by itself. SHA-2, however, continues to be considered secure.
MD5 appeared in 1992 as a strengthened successor to the MD4 hash function. Within a few years, researchers began to question its security, and in 2004 a team demonstrated practical collision attacks: pairs of different inputs that produce identical MD5 hashes.
Although MD5 remained in wide use for another decade after the first warnings, the collision results made clear that the function was broken. Researchers went on to use the collisions to create two X.509 certificates with the same MD5-based digital signature, and later a rogue certificate-authority certificate that browsers would have trusted.
By 2005, MD5 was widely considered broken. HMAC-MD5 is a different matter: the way HMAC uses MD5 does not depend on collision resistance, and no practical attack on HMAC-MD5 is known. Even so, it is deprecated in modern protocols and should not be chosen for new systems.
The SHA-1 algorithm, short for Secure Hash Algorithm 1, appeared in 1995. It suffers from the same class of collision attacks that broke MD5: theoretical attacks were published in 2005, and a practical collision was demonstrated in 2017. SHA-1 has been deprecated in favor of SHA-2 since 2005.
Because of the way HMAC works, HMAC-SHA1 is not exposed to those collision attacks and remains unbroken, so existing deployments are not in immediate danger; new designs should still use HMAC-SHA256 or stronger.
The SHA-2 family commonly appears wherever hashing is needed online. It is a family of hashing algorithms of varying strength including SHA-224, SHA-256, SHA-384, SHA-512, and the truncated SHA-512/224 and SHA-512/256. SHA-256 is the most widely used member. All of them share the same basic structure, differing in word size, number of rounds, and output length.
SHA-2 is a part of numerous security protocols, including:
- Internet Protocol Security (IPsec)
- Pretty Good Privacy (PGP)
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Secure Shell (SSH)
- Transport Layer Security (TLS/SSL)
The SHA-3 algorithm is standardized but hasn’t yet replaced SHA-2 in widespread use. SHA-3 is built on a sponge construction, structurally unlike SHA-2’s Merkle-Damgård design, and it is not vulnerable to length extension; NIST also defines a dedicated keyed mode for it, KMAC. Some security professionals do use it.
So is HMAC still secure?
Even though HMAC is sometimes used with hash functions that are no longer considered secure on their own, like MD5 and SHA-1, it can continue to use them without the known attacks applying. HMAC’s security rests on the hash’s compression function behaving like a pseudorandom function when keyed, not on collision resistance, which is the property those attacks break.
Even with these older hash functions, HMAC remains a secure construction (it is an algorithm, not a protocol). Without the shared secret key, an attacker cannot forge a valid tag, and brute-forcing the key is infeasible as long as the key is adequately long, typically at least as long as the hash output. Two things the verifier must still get right: compare tags in constant time, and guard against replay, which HMAC alone does not prevent.
Real life examples of using HMAC
Because of the extra layer of security built into HMAC, many people will use it for highly sensitive data. For example, those in the financial industries, who must abide by numerous regulations, are able to use HMAC for things like sharing personally identifying information or account numbers.
Additionally, HMAC is the natural choice when you cannot use public-key systems, or when you don’t need non-repudiation and want something far cheaper to compute than a digital signature.
HMAC by itself is not a good way to store passwords: it is fast, and a fast keyed hash lets an attacker who obtains the key test guesses quickly. Stored passwords should go through a deliberately slow, salted function such as PBKDF2 (which is built from HMAC), bcrypt, scrypt, or Argon2. Where HMAC fits well is one-time tokens: a password-reset link or an email-verification link can carry an HMAC tag over the user’s identity and an expiry time, so the server can confirm the link is genuine and unexpired without storing a record of every link it issued.
Some VPNs use HMAC to authenticate each packet inside the tunnel: IPsec uses HMAC variants for its integrity check, and OpenVPN’s tls-auth option protects its control channel with an HMAC.
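The reset-link use described above, as an added example that is not part of the original article. The token format (base64 payload, a dot, base64 HMAC-SHA256 tag), the 900-second lifetime, and the server key are all assumptions made for the demonstration; the PBKDF2 helper is included to show the contrast with stored passwords:

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import time


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_reset_token(key, user_id, ttl_seconds, now=None):
    """Token = b64(payload) '.' b64(HMAC-SHA256(key, payload)). Nothing is stored server-side."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now + ttl_seconds)},
                         separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_reset_token(key, token, now=None):
    """Return the user id if the token is genuine and unexpired, otherwise None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Check the MAC (in constant time) before parsing or trusting anything in the payload.
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(payload)
    if claims["exp"] < now:
        return None
    return claims["uid"]


def tamper(token, new_user_id):
    """An attacker's attempt: swap the user id in the payload but reuse the old tag."""
    payload_b64, tag_b64 = token.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["uid"] = new_user_id
    return _b64(json.dumps(claims, separators=(",", ":")).encode()) + "." + tag_b64


def hash_password(password, salt=None, iterations=600_000):
    """Stored passwords need a slow, salted KDF, not a bare HMAC. PBKDF2 is built on HMAC-SHA256 here."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def demo():
    key = os.urandom(32)   # constructed server secret; in production keep it in a secrets store or HSM
    t0 = 1_700_000_000     # fixed clock so the results are reproducible
    token = issue_reset_token(key, "alice", ttl_seconds=900, now=t0)
    return (
        verify_reset_token(key, token, now=t0 + 60),                  # "alice": valid and fresh
        verify_reset_token(key, token, now=t0 + 3600),                # None: expired
        verify_reset_token(key, tamper(token, "bob"), now=t0 + 60),   # None: MAC mismatch
        verify_reset_token(os.urandom(32), token, now=t0 + 60),       # None: wrong key
        verify_reset_token(key, "not.a.token", now=t0 + 60),          # None: malformed
    )


if __name__ == "__main__":
    print(demo())  # ('alice', None, None, None, None)
```

Because the expiry is inside the MAC-protected payload, an attacker cannot extend a token's lifetime any more than they can change its user id. What this design does not do is revoke a token once it has been used; a server that must enforce single use still needs to record consumed tokens.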
Putting HMAC and MAC to use
MAC and HMAC are an extremely important part of providing secure communications on the internet. Without them, it would be far more difficult to guarantee that a message is intact and that it came from a party holding the key.
When you want to share sensitive personal data, financial account information, or healthcare information, while knowing the message did not undergo changes while en route, MAC and HMAC give you the ability to do so.