Difference between revisions of "Authentication Code"
From MgmtWiki
Latest revision as of 12:10, 6 September 2025
Definition
https://csrc.nist.gov/projects/message-authentication-codes
An Authentication Code is a short piece of information — usually generated by a cryptographic algorithm — that proves a message or transaction is genuine and hasn’t been altered.
In formal cryptography terms, it’s most often a **Message Authentication Code (MAC)**:
- Definition (NIST): A **keyed cryptographic checksum** based on an approved security function.
- Purpose
1. **Authenticity** — Confirms the message came from the claimed sender.
2. **Integrity** — Confirms the message wasn’t changed in transit.
Solution
1. Sender and receiver share a **secret key**.
2. Sender runs the message + key through a MAC algorithm to produce the authentication code (tag).
3. Receiver runs the same algorithm with the same key; if the tag matches, the message is accepted as authentic.
- Security property: Without the secret key, it should be computationally infeasible to forge a valid code for any new message.
Example in practice
- In HTTPS, TLS uses MACs (or AEAD modes with built‑in authentication) to ensure that encrypted packets haven’t been tampered with.
- In APIs, an authentication code might be an HMAC (Hash‑based MAC) attached to each request.
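The three steps under Solution, applied to the API case above, as an added example that is not part of the original wiki page. The request fields, the `/transfer` path, the length-prefixed encoding and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def canonical(method: str, path: str, body: bytes) -> bytes:
    """Encode the request unambiguously: each field is length-prefixed, so
    moving bytes from one field to another always changes the MAC input."""
    parts = [method.upper().encode(), path.encode(), body]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def make_tag(key: bytes, method: str, path: str, body: bytes) -> str:
    """Step 2 (sender): run message + key through the MAC algorithm."""
    return hmac.new(key, canonical(method, path, body), hashlib.sha256).hexdigest()

def verify_tag(key: bytes, method: str, path: str, body: bytes, tag: str) -> bool:
    """Step 3 (receiver): recompute the tag and compare in constant time,
    so the comparison does not leak how many leading characters matched."""
    expected = make_tag(key, method, path, body)
    return hmac.compare_digest(expected.encode(), tag.encode())

def demo() -> dict:
    key = secrets.token_bytes(32)          # step 1: shared secret key (constructed)
    body = b'{"to":"alice","amount":10}'   # constructed sample request body
    tag = make_tag(key, "POST", "/transfer", body)
    return {
        # Unmodified request with the right key is accepted.
        "genuine": verify_tag(key, "POST", "/transfer", body, tag),
        # Integrity: any change to the body invalidates the tag.
        "tampered_body": verify_tag(
            key, "POST", "/transfer", b'{"to":"alice","amount":9999}', tag),
        # Authenticity: a party holding a different key cannot verify or forge.
        "wrong_key": verify_tag(
            secrets.token_bytes(32), "POST", "/transfer", body, tag),
        # Same bytes overall, but shifted across the path/body boundary.
        "shifted_fields": verify_tag(key, "POST", "/transfe", b"r" + body, tag),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15} accepted={accepted}")
```

Without the length prefixes, the `shifted_fields` case would feed the same byte string to the MAC and be accepted.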