Difference between revisions of "Authentication Code"
From MgmtWiki
| Line 3: | Line 3: | ||
https://csrc.nist.gov/projects/message-authentication-codes | https://csrc.nist.gov/projects/message-authentication-codes | ||
| − | An | + | An [[Authentication Code]] is a short piece of information — usually generated by a cryptographic algorithm — that proves a message or transaction is genuine and hasn’t been altered. |
In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**: | In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**: | ||
Revision as of 11:59, 6 September 2025
Definition
https://csrc.nist.gov/projects/message-authentication-codes
An Authentication Code is a short piece of information — usually generated by a cryptographic algorithm — that proves a message or transaction is genuine and hasn’t been altered.
In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**:
- **Definition (NIST)**: A **keyed cryptographic checksum** based on an approved security function. - **Purpose**:
1. **Authenticity** — Confirms the message came from the claimed sender. 2. **Integrity** — Confirms the message wasn’t changed in transit.
Solution
1. Sender and receiver share a **secret key**. 2. Sender runs the message + key through a MAC algorithm to produce the authentication code (tag). 3. Receiver runs the same algorithm with the same key; if the tag matches, the message is accepted as authentic.
- **Security property**: Without the secret key, it should be computationally infeasible to forge a valid code for any new message.
Example in practice
- In HTTPS, TLS uses MACs (or AEAD modes with built‑in authentication) to ensure that encrypted packets haven’t been tampered with.
- In APIs, an authentication code might be an HMAC (Hash‑based MAC) attached to each request.
