Difference between revisions of "Authentication Code"
From MgmtWiki
(Created page with "==Definition== https://csrc.nist.gov/projects/message-authentication-codes An **authentication code** is a short piece of information — usually generated by a cryptographi...") |
|||
| Line 18: | Line 18: | ||
===Example in practice=== | ===Example in practice=== | ||
| − | + | * In HTTPS, TLS uses MACs (or AEAD modes with built‑in authentication) to ensure that encrypted packets haven’t been tampered with. | |
| − | + | * In APIs, an authentication code might be an HMAC (Hash‑based MAC) attached to each request. | |
Revision as of 11:58, 6 September 2025
Definition
https://csrc.nist.gov/projects/message-authentication-codes
An **authentication code** is a short piece of information — usually generated by a cryptographic algorithm — that proves a message or transaction is genuine and hasn’t been altered.
In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**:
- **Definition (NIST)**: A **keyed cryptographic checksum** based on an approved security function. - **Purpose**:
1. **Authenticity** — Confirms the message came from the claimed sender. 2. **Integrity** — Confirms the message wasn’t changed in transit.
Solution
1. Sender and receiver share a **secret key**. 2. Sender runs the message + key through a MAC algorithm to produce the authentication code (tag). 3. Receiver runs the same algorithm with the same key; if the tag matches, the message is accepted as authentic.
- **Security property**: Without the secret key, it should be computationally infeasible to forge a valid code for any new message.
Example in practice
- In HTTPS, TLS uses MACs (or AEAD modes with built‑in authentication) to ensure that encrypted packets haven’t been tampered with.
- In APIs, an authentication code might be an HMAC (Hash‑based MAC) attached to each request.
