What is the difference between a hash and a MAC (message authentication code)?

By their definitions, they seem to perform the same function.

Can someone explain what the difference is?

+45
terminology cryptography hash
May 14 '10 at 17:09
7 answers

The main difference is conceptual: while hashes are used to ensure data integrity, the MAC guarantees integrity and authentication.

This means that the hash code is blindly generated from the message without any external input: what you receive is what can be used to check if the message received any change while it was being moved.

Instead, the MAC uses the private key as the seed for the hash function used when generating the code: this should ensure that the recipient not only did not change the message, but also sent it as we expected: otherwise, the attacker could not know the secret key used to generate code.

According to wikipedia, you have:

While MAC functions are similar to cryptographic hash functions, they have different security requirements. To be considered safe, the MAC function must resist existential falsification in selected-plaintext attacks. This means that even if the attacker has access to the oracle, which has a secret key and generates MAC addresses for messages of the selected attacker, the attacker cannot guess the MAC for other messages without performing impossible calculations.

Of course, although there are similarities, they are implemented differently: usually the MAC generation algorithm is based on a hash code algorithm with an extension that takes care of using the private key.

+44
May 14 '10 at 17:20

A hash is a function that creates a digest from a message. A cryptographically secure hash is one for which it is computationally impossible to create a message with a given digest. The message hash itself does not provide information about the sender of this message. If you can safely transmit the message hash, you can use it to verify that a large message has been received correctly over insecure transport.

A message authentication code is a way of combining a shared secret key with a message, so that the recipient of the message can authenticate that the sender of the message has a shared secret, and someone who does not know the secret key could send or change the message.

HMAC is a hash-based message authentication code. This usually involves applying a hash function one or more times to some combination of a shared secret and message. HMAC usually refers to an algorithm registered in RFC 2104 or FIPS-198.

The MAC does not encrypt the message so that the message is in plain text. It does not reveal the secret key, so the MAC can be sent through the open channel without compromising the key.

+14
May 14, '10 at 17:19

Found this to answer a question from another forum.

These types of cryptographic primitives can be distinguished by the security objectives that they perform (in the simple “add to message” protocol):

Integrity: Can the recipient be sure that the message was not accidentally changed?

Authentication: Can the recipient be sure that the message was sent from the sender?

Non-refusal: If the recipient sends the message and confirmation to third parties, can a third party be sure that the message originated from the sender? (Please note that I'm talking about denial of denial in a cryptographic sense, not in a legal sense.)

This question is also important:

Keys: Does the primitive require a shared secret key or public keys?

I think the short answer is best explained by the table:

Cryptographic primitive | Hash |    MAC    | Digital
Security Goal           |      |           | signature
------------------------+------+-----------+-------------
Integrity               | Yes  | Yes       | Yes
Authentication          | No   | Yes       | Yes
Non-repudiation         | No   | No        | Yes
------------------------+------+-----------+-------------
Kind of keys            | none | symmetric | asymmetric
                        |      | keys      | keys

Remember that authentication without confidence in the keys used is useless. For digital signatures, the recipient must be sure that the verification key actually belongs to the sender. For MAC addresses, the recipient must be sure that the shared symmetric key was only transmitted to the sender.


+8
Jun 16 '16 at 4:34

Basically the main difference is that the MAC uses the private key and the hash does not use any keys. Because of this, the MAC allows us to achieve authentication.

+3
May 12 '14 at 18:41

HASH FUNCTION: a function that maps a message of any length to a hash value of a fixed length that serves as an authenticator.

MAC: a message function and a secret key that creates a fixed length value that serves as an authenticator.

+2
Nov 06 '14 at

A hash is a summary or fingerprint of a message and provides neither integrity nor authentication, as it is susceptible to a man-in-the-middle attack. Suppose A wants to send a message M in combination with a hash H of M to B. Instead, C grabs the message, generates a message M2 and a hash H2 of M2, and sends them to B. Now B can by no means verify whether this is the original message from A or not. However, the hash can be used in other ways to ensure integrity and authentication, such as MAC.

The MAC, which is also a message summary, provides integrity and authentication. MAC can be computed in many ways. The easiest way is to use a hash function with two inputs, a message and a shared secret key. Using a shared secret key adds authentication capability to the MAC and thus provides integrity and authentication. However, the MAC still does not provide a waiver, since either of the parties having a shared secret key can issue a message and MAC. At the same time, the digital signature and public key cryptography take place in action.

+2
Dec 15 '16 at 21:53
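The substitution scenario from the answer above (A sends M, C swaps in M2 with a recomputed H2), as an added example that is not part of any answer on this page. It assumes SHA-256 as the hash and HMAC-SHA256 as the MAC; the function names and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def hash_tag(message: bytes) -> bytes:
    """Unkeyed digest: anyone who has the message can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag (HMAC-SHA256, RFC 2104): requires the shared secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hash_tag(message), tag)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so the check does not leak
    # how many leading bytes of a guessed tag were correct.
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)      # known to A and B, not to C
    m = b"pay 10 to B"                 # constructed sample message from A
    m2 = b"pay 9000 to C"              # C's replacement message
    h2 = hash_tag(m2)                  # all C can compute without the key
    b_own = b"a message A never sent"  # written by B, who holds the key
    return {
        "hash_accepts_substitution": verify_hash(m2, h2),
        "mac_accepts_genuine": verify_mac(key, m, mac_tag(key, m)),
        "mac_accepts_substitution": verify_mac(key, m2, h2),
        "mac_accepts_modified_message": verify_mac(key, m2, mac_tag(key, m)),
        "mac_accepts_tag_made_by_b": verify_mac(key, b_own, mac_tag(key, b_own)),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```

The last check is the non-repudiation row of the table: B can produce a valid tag for a message A never sent, so a valid MAC shows only that a holder of the key made it.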
  • Hash functions use asymmetric cryptography, while the MAC uses symmetric cryptography.
  • Cryptographic hash functions are not always MAC, but MAC can be cryptographic hash functions (keyed hash functions).
  • Hash functions provide non-repudiation when the MAC does not provide non-re
-6
Apr 22 '13 at 7:42 on


