A cryptographic technique used to verify both the integrity and authenticity of a message. It combines a cryptographic hash function with a secret key to produce a fixed-size authentication code. This ensures that any modification to the message, whether accidental or malicious, will result in a mismatched code when verified by the recipient.
The process involves hashing the message together with the secret key in a structured way that prevents specific attacks against plain hash functions. Because the key is required to generate and verify the code, HMAC provides strong assurance that the message came from a trusted source.
HMAC is used widely in security protocols such as Transport Layer Security (TLS), Secure Real-time Transport Protocol (SRTP), IPsec, and JSON Web Tokens (JWT). It can work with different hash algorithms, including SHA-1, SHA-256, and SHA-512, allowing systems to choose a balance between speed and cryptographic strength.
Related Martech Zone Content
