Difference between revisions of "Authentication Code"
From MgmtWiki
m (Tom moved page "Authentication Code" to Authentication Code) |
(→Definition) |
||
| Line 7: | Line 7: | ||
In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**: | In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**: | ||
| − | + | *Definition (NIST): A **keyed cryptographic checksum** based on an approved security function. | |
| − | + | *Purpose | |
1. **Authenticity** — Confirms the message came from the claimed sender. | 1. **Authenticity** — Confirms the message came from the claimed sender. | ||
| − | 2. **Integrity** — Confirms the message wasn’t changed in transit. | + | 2. **Integrity** — Confirms the message wasn’t changed in transit. |
| + | |||
==Solution== | ==Solution== | ||
1. Sender and receiver share a **secret key**. | 1. Sender and receiver share a **secret key**. | ||
Revision as of 12:08, 6 September 2025
Definition
https://csrc.nist.gov/projects/message-authentication-codes
An Authentication Code is a short piece of information — usually generated by a cryptographic algorithm — that proves a message or transaction is genuine and hasn’t been altered.
In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**:
- Definition (NIST): A **keyed cryptographic checksum** based on an approved security function.
- Purpose
1. **Authenticity** — Confirms the message came from the claimed sender. 2. **Integrity** — Confirms the message wasn’t changed in transit.
Solution
1. Sender and receiver share a **secret key**. 2. Sender runs the message + key through a MAC algorithm to produce the authentication code (tag). 3. Receiver runs the same algorithm with the same key; if the tag matches, the message is accepted as authentic.
- **Security property**: Without the secret key, it should be computationally infeasible to forge a valid code for any new message.
Example in practice
- In HTTPS, TLS uses MACs (or AEAD modes with built‑in authentication) to ensure that encrypted packets haven’t been tampered with.
- In APIs, an authentication code might be an HMAC (Hash‑based MAC) attached to each request.
