Message Authentication (MAC)
HMAC, CMAC, Poly1305 and other MAC algorithms
What is Message Authentication (MAC)?
A MAC (Message Authentication Code) is a cryptographic code used to verify the integrity and authenticity of a message. To make a simple analogy, a MAC is like a seal on a letter: it shows whether the letter has been altered and whether it really came from the sender. A MAC provides both data integrity (that the data has not been changed) and authentication (who the sender is).
Use Cases
- Secure communication protocols
- API authentication
- Data integrity verification
- Financial transactions
- Blockchain verification
- Software updates
Key Features
- Data integrity guarantee
- Authentication
- Collision resistance
- Fast verification
- Key-based security
Algorithm Comparison
| Algorithm | Security | Speed | Use Cases |
|---|---|---|---|
| HMAC-SHA256 | Very High | Fast | API security; JWT tokens; General-purpose authentication; Recommended for new designs |
| HMAC-SHA1 | HMAC-SHA256+ is preferred for new systems. HMAC-SHA1 is only acceptable for compatibility requirements. | Fast | Systems requiring compatibility; HMAC-SHA256+ recommended for new designs; HMAC-SHA1 acceptable for compatibility |
| CMAC | Very High | Fast | Block cipher-based applications; High-security systems |
| Poly1305 | Very High | Very Fast | Not used alone, used with AEAD schemes (ChaCha20-Poly1305, AES-Poly1305); High-performance applications |
* Comparisons are relative to reference/hardware-accelerated implementations on a 64-bit CPU
HMAC (Hash-based MAC)
HMAC is a MAC algorithm built from a cryptographic hash function and a secret key. It is the most commonly used type of MAC.
Related Standards
- RFC 2104
- FIPS PUB 198-1
- ISO/IEC 9797-1
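The HMAC construction defined in RFC 2104, written out for SHA-256 and cross-checked against Python's standard `hmac` module, together with the constant-time tag comparison a verifier should use. This is an added example, not code from the original page; the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 written out from the RFC 2104 definition:
    H((K' xor opad) || H((K' xor ipad) || message))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()   # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")     # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-written construction against Python's hmac module."""
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time.
    A plain == can leak, through timing, how many leading bytes matched."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    key = b"shared-secret-for-demo-only"
    msg = b"POST /transfer amount=100&to=alice"
    tag = hmac_sha256(key, msg)
    print("tag:", tag.hex())
    print("matches stdlib:", matches_stdlib(key, msg))
    print("valid message accepted:", verify(key, msg, tag))
    print("altered message accepted:", verify(key, msg.replace(b"100", b"900"), tag))
    print("wrong key accepted:", verify(b"other-key", msg, tag))
```

In production code, call `hmac.new` and `hmac.compare_digest` directly; the hand-written function is only there to show what the library computes.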