{"id":16170,"date":"2023-02-23T17:02:35","date_gmt":"2023-02-23T22:02:35","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=16170"},"modified":"2023-05-24T09:53:40","modified_gmt":"2023-05-24T13:53:40","slug":"what-is-a-message-authentication-code-mac","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/what-is-a-message-authentication-code-mac\/","title":{"rendered":"What Is a Message Authentication Code (MAC)?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-message-authentication-codes-are-hidden-bits-of-code-within-online-communications-in-ssl-tls-connections-mac-tags-offer-assurance-a-message-you-received-came-from-an-authentic-person-and-helps-prove-the-message-wasn-t-altered-in-transit\">Message authentication codes are hidden bits of code within online communications. In SSL\/TLS connections, MAC \u201ctags\u201d offer assurance a message you received came from an authentic person and helps prove the message wasn&#8217;t altered in transit<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In computer systems, data is binary, meaning that computers use bits (<em>1s<\/em> and <em>0s<\/em>) to communicate it. Data frequently gets processed in either <a href=\"https:\/\/www.thesslstore.com\/blog\/block-cipher-vs-stream-cipher\/\">blocks or streams<\/a> of individual bits (blocks = groups of <em>1s<\/em> and <em>0s<\/em>, streams = 1s or 0s). But how can you know whether the messages you receive via data streams online were sent by authentic users and haven\u2019t been altered in transit?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You need a way to verify that a message came from an authentic sender (not an imposter) and that the data hasn\u2019t been modified (i.e., it arrived as intended). This is where message authentication codes can come in handy. But what is a message authentication code and what role does it play in internet security?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-a-message-authentication-code\">What Is a Message Authentication Code?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A message authentication code (MAC) is a string of code that tells you who created or sent a message you received and whether that data has been altered. It does this in a way that validates the sender\u2019s identity is legitimate (i.e., a MAC authenticates the sender) over the internet using a shared secret (i.e., a private) key known only by the sender and recipient.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A MAC is sometimes called a tag because it\u2019s a shorter piece of authenticating data that gets attached to the message. It\u2019s also sometimes referred to as a keyed hash function because it uses a symmetric key that\u2019s shared between the message sender and recipient. (More on that in a little bit.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Message authentication codes provide offer two critical properties:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Completeness.<\/strong> A sender can attach this secret string of code to any message and have the intended recipient verify it.<\/li>\n\n\n\n<li><strong>Unforgeability (Security).<\/strong> They also offer security by preventing bad guys who intercept those messages from trying to fake that tag in the future when sending fraudulent messages. How? By preventing them from forging tags for new messages they haven\u2019t seen tagged previously.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-an-overview-of-what-a-mac-does-and-why-you-should-care\">An Overview of What a MAC Does (And Why You Should Care)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A MAC algorithm authenticates the legitimate sender\u2019s identity so you know the data truly came from them. What it <em>doesn\u2019t<\/em> do is protect the confidentiality of your data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To put it another way, basically, a MAC helps a recipient check whether:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A message came from a legitimate sender (because they have the shared secret key), and<\/li>\n\n\n\n<li>The message has been altered somehow (either accidentally or intentionally) since it was sent (because the MAC uses hashing to validate data integrity).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Why is this important? Because the internet is inherently insecure; it\u2019s an open network that transmits data in plaintext, meaning that anyone who knows how can intercept your data in transit. What this means is that without the proper security mechanisms in place, someone could intercept your incoming messages in transit and replace it with something phony. Or, if you\u2019re the sender, they could send entirely new messages and make it look like they came from you.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And if you don\u2019t have mechanisms in place to check that you\u2019re talking to the right person and that the data is unaltered, then you can\u2019t trust the information you receive.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-macs-provide-authentication-data-integrity-checks-but-can-t-support-non-repudiation\">MACs Provide Authentication &amp; Data Integrity Checks (But Can\u2019t Support Non-Repudiation)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In one sense, message authentication codes are kind of like the <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/uwp\/security\/macs-hashes-and-signatures\">symmetric key version of digital signatures<\/a>. (Digital signatures are for use with asymmetric encryption systems only.) When using MACs, the sender and recipient use a single key; with digital signatures, a <a href=\"https:\/\/www.thesslstore.com\/blog\/asymmetric-encryption-what-it-is-why-your-security-depends-on-it\/\">public-private (asymmetric) key pair<\/a> is used where the sending party signs their message using one key while the receiving party accesses the message using the other.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But there is a big difference between a MAC and a digital signature that can be summed up in two words: non-repudiation.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A digital signature ensures that the sender can\u2019t deny that they sent the message. This is because only one party has the private key.<\/li>\n\n\n\n<li>A MAC doesn\u2019t offer that additional layer of security because the symmetric key that it uses is known by more than one party. Since both the sender and recipient have access to the key, there\u2019s no way to verify who was responsible for creating the message.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Because MACs provide authentication and data integrity protection, they\u2019re incredibly useful for helping users\u2019 devices determine whether to accept or reject a message. If the MAC is invalid, their devices won\u2019t return the plaintext \u2014 they\u2019ll display error messages instead.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-where-you-ll-find-macs-in-use\">Where You\u2019ll Find MACs in Use<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">MACs are typically embedded in message headers and\/or cryptographic ciphers. They\u2019re frequently found attached to ciphertext as a way to enable authenticated encryption. As such, they\u2019re used to validate the legitimacy and integrity of data that is<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>transferred via internal or external networks, including SSH and SSL\/TLS connections (to help prevent malicious packets from being inserted into a connection)<\/li>\n\n\n\n<li>stored in your organization\u2019s internal systems, or<\/li>\n\n\n\n<li>stored in external systems or devices.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-a-mac-looks-like\">What a MAC Looks Like<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A MAC is created by combining a symmetric (secret) key with the message and then hashing it using a <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-hash-function-in-cryptography-a-beginners-guide\/\">hashing function<\/a>. Yup, that\u2019s right. A message authentication code uses a specific combination of a message of any length and a secret key to generate a resulting output (message authentication code):<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">INPUT = MESSAGE + SECRET KEY<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">OUTPUT = HASHED MESSAGE AUTHENTICATION CODE DIGEST<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When you break down a message authentication code, it looks like this:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>h(k,m) \u2014 <\/em>or <em>hash(key,message)<\/em> to think of it another way<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Basically, you combine your secret key with the message and then hash it to convert it to a fixed-length string of hexadecimal characters to disguise the size of the message.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"422\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-to-create-a-mac-tag-shadow-1024x422.png\" alt=\"An basic graphic that shows how to create a message authentication code (MAC) tag\" class=\"wp-image-16172\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-to-create-a-mac-tag-shadow-1024x422.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-to-create-a-mac-tag-shadow-300x124.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-to-create-a-mac-tag-shadow-768x317.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-to-create-a-mac-tag-shadow.png 1052w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A basic graphic that illustrates how message authentication codes are created.<\/em><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hashes-and-macs-are-related-but-not-synonymous\">Hashes and MACs Are Related But Not Synonymous<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">We mentioned earlier that message authentication codes are sometimes referred to as keyed hash functions. This is because they do use hash functions as part of their makeup, but unlike traditional hashing, MACs also use a symmetric key.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s a quick overview between traditional hash and MAC functions:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&nbsp;<\/td><td><strong>Traditional Hash Function<\/strong><\/td><td><strong>MAC Function<\/strong><\/td><\/tr><tr><td>What It Is<\/td><td>A one-way cryptographic function that uses a single input to generate an output of a fixed length (called a hash value or digest)<\/td><td>A cryptographic function that uses two inputs (a message and a symmetric key) to generate an output (i.e., a tag or MAC) that varies in size depending on the input &nbsp;<\/td><\/tr><tr><td>What It Does<\/td><td>Ensures any changes (no matter how small) to the input message will result in an entirely new hash value output<\/td><td>Ensures any changes (no matter how small) to the input message or key to generate an entirely new hash value output &nbsp;<\/td><\/tr><tr><td>How It Helps<\/td><td>Offers data integrity protection<\/td><td>It offers two essential properties: authentication and data integrity protection &nbsp;<\/td><\/tr><tr><td>Examples of Algorithms<\/td><td>MD5, SHA-1, SHA-2<\/td><td>CMAC, HMAC, KMAC &nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-message-authentication-codes-are-used-for-authenticity-integrity-validation\">What Message Authentication Codes Are Used For (Authenticity &amp; Integrity Validation)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In a nutshell, a message authentication code is a string of code that enables you to authenticate that the messages came from a legitimate user or device. It\u2019s a unique string of data that\u2019s generated by combining a <a href=\"https:\/\/www.thesslstore.com\/blog\/symmetric-encryption-101-definition-how-it-works-when-its-used\/\">cryptographic symmetric key<\/a> with a plaintext message and then hashing it using a cryptographic process called a hash function. (We\u2019ll speak more about hashing a little later in the article.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Imagine that you\u2019re communicating with a friend who owes you money. They ask for your bank account and routing number so they can transfer funds to reimburse you. You send them the info, they use it to pay you, and you\u2019re both happy.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But what if an attacker intercepts your message and wants to take advantage of an opportunity to make some easy money? Instead, they could replace the bank account information you\u2019ve provided with info for an account they control. What this scenario means is that without a MAC:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You\u2019ve sent your friend the legitimate banking info;<\/li>\n\n\n\n<li>Your friend receives the attacker\u2019s account information instead; and<\/li>\n\n\n\n<li>Neither you nor your friend realizes this info swap has taken place \u2014 the friend sends money to an account they think is yours, and you never receive the money.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">As you can imagine, this will lead to an unpretty situation with both of you thinking that the other one is being untruthful. But the truth of the matter is that neither of you realizes that you\u2019re not talking to the other legitimate party. This is where message authentication codes play an important role.<\/p>\n\n\n<span style=\"--tl-form-height-m:861.156px;--tl-form-height-t:899.625px;--tl-form-height-d:899.625px;\" class=\"tl-placeholder-f-type-shortcode_12653 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-macs-work-a-quick-overview\">How MACs Work (A Quick Overview)&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When you create a MAC, you combine the secret key with the message you want to protect. This information is then hashed to a fixed length, creating the string of data that serves as your MAC. Once this is done, your message is sent and makes its way to the recipient. Their client then computes the MAC using the same function.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If the resulting digest matches the one you provided, it tells your recipient that the data\/message:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Is authentic (i.e., it was sent by the legitimate sender), and<\/li>\n\n\n\n<li>hasn\u2019t been compromised somehow (i.e., the message\u2019s integrity is assured). &nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"943\" height=\"626\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-message-authentication-codes-work-shadow.png\" alt=\"A basic illustration that shows how message authentication codes work and how MAC values are verified\" class=\"wp-image-16173\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-message-authentication-codes-work-shadow.png 943w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-message-authentication-codes-work-shadow-300x200.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/how-message-authentication-codes-work-shadow-768x510.png 768w\" sizes=\"auto, (max-width: 943px) 100vw, 943px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A basic overview of how message authentication codes are computed to ensure the values match and that the data hasn\u2019t been altered.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Of course, for this to work, you need to keep your key secure. This may involve storing your key in a key vault or a hardware security module (HSM). While it\u2019s true that you want your recipient to know the key, you want to ensure that no one unintended gets their hands on it. If they do, then your key is useless and should be destroyed immediately.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-be-precise-how-you-carry-out-the-mac-process-matters\">Be Precise: How You Carry Out the MAC Process Matters<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Just because you have all the correct elements doesn\u2019t mean that you can create the right MAC. When you combine a secret key and the input message you wish to protect, you and the party you\u2019re communicating with must do so in a specific way to generate the same message authentication code. Otherwise, if you combine the key and message in one way but your recipient does it in another (different) way, you\u2019ll both wind up getting completely different values.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Simply put, preciseness and order matter. Think of it in terms of making cookies. (I mean literal cookies \u2014 not the bits of data that track web users.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When you\u2019re baking chocolate chip cookies, for example, you typically want to cream your softened butter and sugar first before introducing other wet ingredients (eggs and vanilla) and your dry ingredients (flour, baking powder, etc.) little by little. If you simply dump in your dry ingredients and then try to later add in your butter, sugar, eggs, etc., then you\u2019re going to get a dough that\u2019s a very different (and often unpleasant) consistency.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The same concept applies to message integrity. As you can imagine, not having matching hash values doesn\u2019t bode well when your recipient is trying to verify the data\u2019s integrity.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-hashes-and-message-authentication-codes-are-related-but-different\">Hashes and Message Authentication Codes Are Related But Different<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Hashes and MACs share a special relationship in cryptography. They\u2019re both cryptographic functions and while one involves the other, that relationship is a bit of a one-way street. You see, hashes don\u2019t use MACs, but MACs do use hashing as part of their process:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Hashing combines a cryptographic hash function with the message to create a fixed-length string of randomized data (i.e., a hash output or digest) without authentication.<\/strong> Hashing, on its own, doesn\u2019t offer assurance of the sender\u2019s identity. Because there\u2019s no shared secret key, it\u2019s used to validate the integrity of the message\u2019s data only and not the identity of the sender.<\/li>\n\n\n\n<li><strong>A message authentication code uses a single key with the message and hashes it to validate the message\u2019s sender identity and ensure data integrity.<\/strong> If the two components are combined in the wrong way, it\u2019ll result in generating a different MAC. This offers assurance that the sender is who they claim to be, but it doesn\u2019t offer assurance that their message hasn\u2019t been compromised or altered since they sent it. Unlike hashing alone, this requires the use of a secret key that you combine with the message prior to hashing it.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-macs-may-leave-your-data-at-risk-of-compromise-if-not-implemented-properly\">MACs May Leave Your Data at Risk of Compromise If Not Implemented Properly<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s important to note, however, that MACs aren\u2019t foolproof as some may be susceptible to <a href=\"https:\/\/owasp.org\/www-project-web-security-testing-guide\/latest\/4-Web_Application_Security_Testing\/09-Testing_for_Weak_Cryptography\/02-Testing_for_Padding_Oracle\">padding oracle attacks<\/a>. These are attacks in which a bad guy uses the padding validation of your encrypted message to decrypt its ciphertext. Basically, there are ways to potentially change messages \u2014 even if an attacker doesn\u2019t know the secret key \u2014 via an approach known as a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Length_extension_attack\">length extension attack<\/a> if you\u2019re using insecure hashing algorithms (MD5, SHA-1, etc.). This involves an attacker using your <em>hash(m1)<\/em> and the length of your message to calculate.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To help avoid this issue, many organizations will instead use a specific type of MAC, known as an HMAC, instead and will carry out applying their MACs in specific ways. (More on both HMACs and MAC application methods in a few moments). But first, let\u2019s quickly cover a couple of the risks when you don\u2019t use an authenticated symmetric encryption security mechanism\u2026<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-chosen-plaintext-attacks-cpas\">Chosen Plaintext Attacks (CPAs)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">While it\u2019s great to learn about what message authentication codes are and how they work, it\u2019s now time to explore how cybercriminals can try to use a chosen plaintext message attack to gain access to your plaintext message via existential forgery. A strong MAC must be resistant to this type of attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A chosen plaintext attack is a type of attack wherein an attacker creates a new valid message-tag pair they can use without knowing the key required to generate it. Basically, they\u2019re attacking your encryption function.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s consider a quick example. Say, an attacker wants to get their hands on your message authentication code tag. (Tags are long strings of data, often anywhere between 64 and 128 bits \u2014 TLS tags are 96 bits in length.) The following scenario plays out:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The attacker sends a series of random messages to you (the recipient), which you use to compute a corresponding message tag.<\/li>\n\n\n\n<li>You then send that message tag back to the attacker.<\/li>\n\n\n\n<li>The attacker then figures out a new valid message-tag pair (one different from any others you have) they can use to their advantage.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The goal here for the attacker is to perform an existential forgery attack. This is where they use what you\u2019ve sent to create a new valid message-tag pair \u2014 one that doesn\u2019t match any of the existing message-tag pairs that were given to him.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>If the attacker is successful:<\/strong> The attacker was able to create a new valid message-tag pair, which means the message is insecure.<\/li>\n\n\n\n<li><strong>If the attacker is unsuccessful:<\/strong> The attacker was unable to create a new message-tag pair, which means the message is secure.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-chosen-ciphertext-attack-cca\">Chosen Ciphertext Attack (CCA)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Of course, chosen plaintext attacks aren\u2019t the only thing bad guys can do. They can take things up a notch by targeting specific ciphertext that they wish to decrypt or change. This is known as a chosen ciphertext attack (CCA), and it involves an attacker having access to a decryption oracle at some point.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There are two varieties of CCAs:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-non-adaptive-chosen-ciphertext-attack-cca1\">Non-Adaptive Chosen Ciphertext Attack (CCA1)<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">In this type of attack, also known as CCA1, a bad guy can make decryption queries while not knowing the ciphertext. This is because the attacker can only access the decryption oracle prior to the target being revealed (i.e., receiving the challenge ciphertext). So, if they don\u2019t have access to it after receiving the encrypted string of data, it\u2019s essentially useless.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-adaptive-chosen-ciphertext-attacks-cca2\">Adaptive Chosen Ciphertext Attacks (CCA2)<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">In an adaptive chosen ciphertext attack, on the other hand, an attacker isn\u2019t limited in the same way. They can make decryption queries even <em>after<\/em> their intended target ciphertext has been revealed. So, they can send additional queries afterward to leverage the information they\u2019ve learned to decrypt ciphertexts of their choosing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The SSL\/TLS <a href=\"https:\/\/www.robotattack.org\/\">ROBOT attack<\/a> is more recent example of such an attack in a public key encryption scheme.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-types-of-message-authentication-code-algorithms\">Types of Message Authentication Code Algorithms<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you didn\u2019t know before, you sure do now: There are multiple types of message authentication code functions. However, the National Institute of Standards and Technology (NIST) says there are only <a href=\"https:\/\/csrc.nist.gov\/Projects\/Message-Authentication-Codes\">three approved general-purpose MAC algorithms<\/a> that are recommended by NIST or FIPS (the Federal Information Processing Standards) for use by federal agencies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-hash-based-message-authentication-code-hmac\">1.&nbsp;&nbsp;&nbsp;&nbsp; Hash-Based Message Authentication Code (HMAC)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Wait, doesn\u2019t a MAC already using a hash function? Yes, that\u2019s true. But unlike the traditional MAC we talked about earlier, a hash-based message authentication code, or HMAC, is a type of MAC that uses two keys and hashes stuff twice. Essentially, you combine key #1 with the message and hash it. After that, the next step is to append it to key #2 and hash everything again. This gives you a hash-based MAC.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">HMAC was introduced in the late 90s in the <a href=\"https:\/\/www.ietf.org\/rfc\/rfc2104.txt\">Internet Engineering Task Force\u2019s request for comments (RFC 2104)<\/a> as a way to ensure greater data integrity protection. It\u2019s also been talked about and expanded upon in multiple FIPS and NIST documents since.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Be sure to stay tuned to our blog as we\u2019ll speak more about HMACs in another article in the next couple of weeks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-cipher-based-message-authentication-code-cmac\">2.&nbsp;&nbsp;&nbsp;&nbsp; Cipher Based Message Authentication Code (CMAC)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A cipher-based message authentication code, or CMAC, is a variation of a cipher block chain message authentication code (CBC MAC). Unlike the basic CBC MAC, which is useful on fixed-length messages, the CMAC can be applied to messages of virtually any length.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To learn more about CMAC, check out <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-38b\/final\">NIST\u2019s special publication (SP 800-38B)<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-keccak-message-authentication-code-kmac\">3.&nbsp;&nbsp;&nbsp;&nbsp; KECCAK Message Authentication Code (KMAC)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A KMAC is a type of variable-length MAC that\u2019s based on the <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/fips\/202\/final\">KECCAK algorithm<\/a> (which is used for SHA-3 hashing related functions). KMAC comes in two variations: KMAC128 (128 bit) and KMAC256 (256 bit). The difference? The security strength and output sizes in terms of bits. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">NIST and FIPs talk more in depth about KMAC in their documents <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-185\/final\">NIST SP 800-185<\/a> and FIPS 202, so be sure to check out that publication to learn more about it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-apply-a-mac-functions-to-your-data\">How to Apply a MAC Functions to Your Data<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">So, how exactly do you apply a message authentication code to your data? The answer depends on what you\u2019re trying to achieve. Let\u2019s quickly look at two common approaches of applying MACs to data:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-approach-1-encrypt-then-mac-etm\">Approach #1: Encrypt-Then-MAC (ETM)<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The encrypt-then-MAC approach is widely used in TLS 1.2 encrypted data transmissions, like what your customers\u2019 browsers do when they visit your website. But what does this process look like? In both of the following examples, you\u2019ll need to generate unique keys for the encryption and MAC functions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the encrypt-then-MAC approach, you\u2019re going to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prepare your plaintext message.<\/li>\n\n\n\n<li>Apply an encryption function to your plaintext message using an encryption key. This will create a ciphertext (i.e., an unreadable string of hexadecimal characters).<\/li>\n\n\n\n<li>Apply the MAC function to the ciphertext using the second key.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">A basic example of the process looks like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"916\" height=\"613\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/encrypt-then-mac-approach-shadow.png\" alt=\"A basic illustration that shows how the encrypt-then-mac approach works. Symmetric encryption is applied to the plaintext, and the resulting ciphertext is then hashed, creating the MAC tag\" class=\"wp-image-16174\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/encrypt-then-mac-approach-shadow.png 916w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/encrypt-then-mac-approach-shadow-300x200.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/encrypt-then-mac-approach-shadow-768x514.png 768w\" sizes=\"auto, (max-width: 916px) 100vw, 916px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A simplified illustration of how to employ a MAC code via the encrypt-then-MAC approach.<\/em><\/figcaption><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-approach-2-mac-then-encrypt-mte\">Approach #2: MAC-Then-Encrypt (MTE)<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">This method was used for older variations of SSL\/TLS protocol (prior to the publication of Internet Engineering Task Force\u2019s [IETF] <a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc7366\/\">RFC 7366<\/a>) because it was once considered secure. The processes involved in this approach are much the same as ETM, but they\u2019re carried out in a different order. This variation requires a bit of a \u201cswitcheroo\u201d but the end result is secure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the MAC-then-encrypt approach, you\u2019ll apply your MAC function (using the MAC key) to your plaintext message first, which creates your MAC tag. After that, apply your separate encryption key to that message-MAC tag combination to generate the ciphertext.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s a quick overview of how the process looks:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"624\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/mac-then-encrypt-approach-shadow.png\" alt=\"A basic illustration that shows how the MAC-then-encrypt approach works. Your MAC hash is applied to the plaintext message, and the combined value is symmetrically encrypted, resulting in the ciphertext\" class=\"wp-image-16175\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/mac-then-encrypt-approach-shadow.png 740w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/mac-then-encrypt-approach-shadow-300x253.png 300w\" sizes=\"auto, (max-width: 740px) 100vw, 740px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A basic illustration that shows how to employ your MAC code using the MAC-then-encrypt method.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Have we lost you? Don\u2019t worry, that\u2019s as technical as we\u2019re getting in this article. It\u2019s time to wrap things up.<\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-final-thoughts-on-message-authentication-codes-in-cyber-security\">Final Thoughts on Message Authentication Codes in Cyber Security<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As you can see, message authentication codes play important roles in internet security in multiple areas. Message authentication codes help validate a message sender\u2019s identity and verify that the data they\u2019ve provided hasn\u2019t been messed with since they sent it. It doesn\u2019t offer data confidentiality, and that\u2019s okay \u2014 data confidentiality isn\u2019t the purpose of message authentication codes. (You can use encryption separately for that purpose.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There are several varieties of message authentication codes that you can use depending on your needs and goals. And while they don\u2019t provide the non-repudiation afforded by public key digital signatures, they still play important roles in cybersecurity as a whole.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There are many different understandings and misconceptions about what MACS are. We hope this article has shed some light on message authentication codes and provides clarity on the topic. Be sure to check back for another article relating to MACs, which will dive into exploring hash-based message authentication codes more in depth.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Message authentication codes are hidden bits of code within online communications. In SSL\/TLS connections, MAC \u201ctags\u201d offer assurance a message you received came from an authentic person and helps prove&#8230;<\/p>\n","protected":false},"author":17,"featured_media":16177,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[13223,13222],"class_list":["post-16170","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-mac","tag-message-authentication-code","post-with-tags"],"views":17840,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/02\/message-authentication-code-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/16170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=16170"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/16170\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/16177"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=16170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=16170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=16170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}