Abstract: The use of cryptographic hash functions like MD5 or SHA for
message authentication has become a standard approach in many Internet
applications and protocols. Though very easy to implement, these mechanisms
are usually based on ad hoc techniques that lack a sound security analysis.
We present new constructions of message authentication schemes based
on a cryptographic hash function. Our schemes, NMAC and HMAC,
are proven to be secure as long as the underlying hash function has
some reasonable cryptographic strengths. Moreover we show, in a
quantitative way, that the schemes retain almost all the security of
the underlying hash function. In addition our schemes are efficient
and practical. Their performance is essentially that of the underlying
hash function. Moreover they use the hash function (or its compression
function) as a black box, so that widely available library code or
hardware can be used to implement them in a simple way, and
replaceability of the underlying hash function is easily supported.
Ref: Extended abstract was in Advances in Cryptology - Crypto 96
Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed,
Springer-Verlag, 1996. Full paper available below.
Full paper: Available as compressed
postscript, postscript, or
pdf. ( Help if this doesn't work).
Abstract: We describe HMAC and explain its security properties.
Ref: RSA Laboratories' CryptoBytes Vol. 2, No. 1,
Spring 1996.
Text available: As compressed postscript,
postscript, or pdf. ( Help if this doesn't work).
Ref: Internet RFC 2104, February 1997.
Text of the RFC: Available here
Keying hash functions for message authentication
Authors: M. Bellare, R. Canetti, and
H. Krawczyk Message authentication using hash functions: The HMAC
construction
Authors: M. Bellare, R. Canetti, and
H. Krawczyk HMAC: Keyed-Hashing for Message Authentication
Authors: H. Krawczyk, M. Bellare, and
R. Canetti Related work and links