Message authentication codes

Main article: cryptography

As mentioned previously, hash functions can be used to authenticate the content of a message under certain circumstances. A hash can be used to detect random alterations to a message under most circumstances, but it can only reliably detect malicious alterations to a message if the hash can be independently verified.

For example, A needs to send a message to B, and B needs to be able to verify that the message has not been altered (e.g. by an attacker who is able to intercept the message and alter it). A simplistic approach would be to calculate a hash value for the message and attach it to the end of the message. This is not secure, because the attacker can simply alter the message, recalculate the hash, and send the whole thing to B. Even though the message and the hash value are different from the ones A sent, B will not be able to tell, because the message and the hash code will still match.

One possibility mentioned before was for A to send the hash to B separately, over some secure channel. The hash code does not have to be kept secret; the only requirement is that nobody can tamper with it as it passes from A to B. This works well in some cases, but it can also be very inconvenient, because a separate hash must be sent every time.

A solution to this is the concept of a keyed hash (or message authentication code, MAC). In this scheme, the final hash value depends on both the content of the message and the value of a secret key. The key is shared between A and B, and nobody else knows it. Since a valid code cannot be created without knowing the key, an attacker cannot alter the message sent from A to B without B noticing.
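The following added example (not part of the original article) contrasts the two schemes described above in Python: the naive "message plus plain hash" that an interceptor can recompute, and a keyed MAC (HMAC-SHA256 is assumed as the concrete construction) that cannot be recomputed without the shared key. The key, messages and verification helpers are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Naive scheme from the text: tag = H(message). Nothing secret goes into it,
# so anyone who can alter the message can also produce a matching tag.
def naive_tag(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()

def naive_verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(naive_tag(message), tag)

# Keyed hash (MAC) scheme: tag = HMAC_key(message). The tag depends on the
# message AND a secret key that only A and B hold.
def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so B does not leak how many
    # leading bytes of a guessed tag were correct.
    return hmac.compare_digest(mac_tag(key, message), tag)

def demo() -> dict:
    """Play out the A -> B exchange with an interceptor who alters the message."""
    key = secrets.token_bytes(32)          # shared secret of A and B (constructed)
    original = b"transfer 100 to account 42"  # what A sent (constructed)
    altered = b"transfer 900 to account 66"   # what the interceptor substitutes

    # Naive: interceptor recomputes the plain hash over the altered message.
    naive_forgery_accepted = naive_verify(altered, naive_tag(altered))

    # Keyed: interceptor has no key, so the best they can do is reuse A's tag
    # or attach a tag computed under some other key.
    tag_from_a = mac_tag(key, original)
    wrong_key = secrets.token_bytes(32)
    return {
        "naive_original_ok": naive_verify(original, naive_tag(original)),
        "naive_forgery_accepted": naive_forgery_accepted,
        "mac_original_ok": mac_verify(key, original, tag_from_a),
        "mac_altered_rejected": not mac_verify(key, altered, tag_from_a),
        "mac_wrong_key_rejected": not mac_verify(key, altered, mac_tag(wrong_key, altered)),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```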