Glossary

HMAC

A hash-based message authentication code (HMAC) is a type of message authentication code that uses a hash function in combination with a secret key to create a message digest (a unique representation of the message). It can be used to verify the integrity and authenticity of the message by ensuring that it has not been tampered with or altered in any way during transmission.

HMACs are created by performing the following steps:

A message is input into a hash function along with a secret key.
The hash function produces a message digest (a unique representation of the message).
The message digest is encrypted using the secret key to create the HMAC.
The HMAC is attached to the message and transmitted to the recipient.

To verify the HMAC, the recipient of the message performs the following steps:

The HMAC is decrypted using the same secret key that was used to create it.
A new message digest is created from the received message using the same hash function and secret key.
The new message digest is compared to the decrypted HMAC.

If the message digests match, the HMAC is considered to be valid, and the message is authenticated as having been sent by the sender. If the message digests do not match, the HMAC is considered to be invalid, and the message is considered to have been tampered with or altered during transmission.

HMACs are widely used to secure communication and transactions over the Internet and are a key component of many security protocols. They provide a number of benefits, including:

Non-repudiation: HMACs provide evidence that a specific individual or entity created the message, which makes it difficult for the sender to deny having sent the message.
Integrity: HMACs help to ensure that the message has not been tampered with or altered in any way.
Authentication: HMACs provide a way to verify the identity of the sender of the message.
Confidentiality: HMACs can be used in conjunction with encryption to provide both confidentiality and authenticity for the message.

Glossary

Terms explained
A
AES Encryption
Asymmetric encryption
B
Block cipher
Blowfish
C
Certificate
Certificate authorities
Cipher
Cipher suite
Ciphertext
Ciphertext-only Attack
Cryptography
D
Data protection
Data security
Database encryption
Decryption
Differences between encoding, hashing & encryption
Digital signature
E
Encoding
Encryption
Encryption Key Management
Encryption key
Encryption standard
F
File encryption
Forward secrecy
H
HMAC
Hash
Hashing
I
Initialization vector
J
JWT
K
Key derivation function
Key exchange
Key generation
Key length/ key size
Key pair
Known-Plaintext Attack
M
MAC
Message authentication code
Message integrity
O
Off-the-Record (OTR) Messaging
P
Private key
Public key
R
RSA
S
SSH
Salt
Stream cipher
Symmetric encryption
T
Transport encryption
U
UMAC
V
VPN
W
WPA
Weak Cipher Suites
X
X509
XOR

HMAC

Glossary

A

B

C

D

E

F

H

I

J

K

M

O

P

R

S

T

U

V

W

X