Difference between revisions of "Authentication Code"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Definition== https://csrc.nist.gov/projects/message-authentication-codes An **authentication code** is a short piece of information — usually generated by a cryptographi...")
(No difference)

Revision as of 11:57, 6 September 2025

Definition

https://csrc.nist.gov/projects/message-authentication-codes

An **authentication code** is a short piece of information — usually generated by a cryptographic algorithm — that proves a message or transaction is genuine and hasn’t been altered.

In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**:

- **Definition (NIST)**: A **keyed cryptographic checksum** based on an approved security function. - **Purpose**: 

 1. **Authenticity** — Confirms the message came from the claimed sender.  
 2. **Integrity** — Confirms the message wasn’t changed in transit.

Solution

 1. Sender and receiver share a **secret key**.  
 2. Sender runs the message + key through a MAC algorithm to produce the authentication code (tag).  
 3. Receiver runs the same algorithm with the same key; if the tag matches, the message is accepted as authentic.

- **Security property**: Without the secret key, it should be computationally infeasible to forge a valid code for any new message.

Example in practice

- In HTTPS, TLS uses MACs (or AEAD modes with built‑in authentication) to ensure that encrypted packets haven’t been tampered with. - In APIs, an authentication code might be an HMAC (Hash‑based MAC) attached to each request.


References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Authentication_Code&oldid=24989"