HMAC
Hash-based Message Authentication Code: a construction that combines a secret key with a cryptographic hash to verify both integrity and authenticity of a message.
HMAC (Hash-based Message Authentication Code) wraps a hash function like SHA-256 with a shared secret key to produce an authentication tag that proves the message was not tampered with and came from someone holding the key. The construction (`H((K xor opad) || H((K xor ipad) || message))`) is provably secure even against length-extension attacks that break naive `H(K || message)` schemes. HMAC is everywhere: AWS request signing (SigV4), JWT HS256 tokens, webhook signatures (Stripe, GitHub), TLS record MACs in older cipher suites, and TOTP/HOTP one-time codes. The right primitive any time both sides share a secret and need to authenticate messages.
Reference
Related terms
See also
Referenced on
- API Key Generator
- Argon2 Hash Generator
- Django Password Hash Generator
- DNS Zone Transfer Attack (AXFR): How a Single Query Exposes Your Entire Domain
- HMAC Generator
- JWT Secret Generator
- MD5 Hash Generator
- Password Tools
- PBKDF2 Generator
- SHA-1 Hash Generator
- SHA-256 Generator Free Online
- SHA-3 Generator Free Online
- SHA-512 Generator
- Terms of Service - DNS Checker