2104: HMAC: Keyed-Hashing for Message Authentication.
This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function.
Status: INFORMATIONAL
Format: TXT=22297 bytes
Authors: R. Canetti, M. Bellare
Date: February 1997
Keyphrases: HMAC, hash, key, authentication
References
Referenced by
- RFC2085: HMAC-MD5 IP Authentication with Replay Prevention.
- RFC2195: IMAP/POP AUTHorize Extension for Simple Challenge/Response.
- RFC2202: Test Cases for HMAC-MD5 and HMAC-SHA-1.
- RFC2246: The TLS Protocol Version 1.0.
- RFC2264: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3).
- RFC2274: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3).
- RFC2286: Test Cases for HMAC-RIPEMD160 and HMAC-RIPEMD128.
- RFC2316: Report of the IAB Security Architecture Workshop.
- RFC2332: NBMA Next Hop Resolution Protocol (NHRP).
- RFC2334: Server Cache Synchronization Protocol (SCSP).
- RFC2337: Intra-LIS IP multicast among routers over ATM using Sparse Mode
- RFC2378: The CCSO Nameserver (Ph) Architecture.
- RFC2403: The Use of HMAC-MD5-96 within ESP and
- RFC2404: The Use of HMAC-SHA-1-96 within ESP and
- RFC2409: The Internet Key Exchange (IKE).
- RFC2411: IP Security Document Roadmap.
- RFC2510: Internet X.509 Public Key Infrastructure Certificate Management Protocols.
- RFC2511: Internet X.509 Certificate Request Message Format.
- RFC2516: A Method for Transmitting PPP Over Ethernet (PPPoE).
- RFC2520: NHRP with Mobile NHCs.
- RFC2570: Introduction to Version 3 of the Internet-standard Network Management Framework.
- RFC2574: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3).
- RFC2630: Cryptographic Message Syntax.
- RFC2660: The Secure HyperText Transfer Protocol.
- RFC2693: SPKI Certificate Theory.
- RFC2747: RSVP Cryptographic Authentication.
- RFC2748: The COPS (Common Open Policy Service) Protocol.
- RFC2756: Hyper Text Caching Protocol (HTCP/0.0).
- RFC2797: Certificate Management Messages over
- RFC2801: Internet Open Trading Protocol - IOTP Version 1.0.
- RFC2802: Digital Signatures for the v1.0 Internet Open Trading Protocol (IOTP).
- RFC2828: Internet Security Glossary.
- RFC2831: Using Digest Authentication as a SASL Mechanism.
- RFC2845: Secret Key Transaction Authentication for DNS (TSIG).
- RFC2847: LIPKEY - A Low Infrastructure Public Key Mechanism Using
- RFC2857: The Use of HMAC-RIPEMD-160-96 within ESP and
- RFC2869: RADIUS Extensions.
- RFC2875: Diffie-Hellman Proof-of-Possession Algorithms.
- RFC2898: PKCS #5: Password-Based Cryptography Specification Version 2.0.
- RFC2930: Secret Key Establishment for DNS (TKEY RR).
- RFC2945: The SRP Authentication and Key Exchange System.
- RFC2960: Stream Control Transmission Protocol.
- RFC3012: Mobile IPv4 Challenge/Response Extensions.
- RFC3040: Internet Web Replication and Caching Taxonomy.
- RFC3075: XML-Signature Syntax and Processing.
- RFC3118: Authentication for DHCP Messages.
- RFC3220: IP Mobility Support for IPv4.
- RFC3259: A Message Bus for Local Coordination.
- RFC3275: (Extensible Markup Language) XML-Signature Syntax and Processing.
- RFC3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
- RFC3316: Internet Protocol Version 6 (IPv6) for Some Second and Third Generation Cellular Hosts.
- RFC3344: IP Mobility Support for IPv4.
- RFC3370: Cryptographic Message Syntax (CMS) Algorithms.
- RFC3410: Introduction and Applicability Statements for Internet-Standard Management Framework.
- RFC3414: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3).
- RFC3489: STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs).
- RFC3520: Session Authorization Policy Element.
- RFC3537: Wrapping a Hashed Message Authentication Code (HMAC) key with a Triple-Data Encryption Standard (DES) Key or an Advanced Encryption Standard (AES) Key.
- RFC3546: Transport Layer Security (TLS) Extensions.
- RFC3566: The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec.
- RFC3567: Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication.
- RFC3576: Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS).
- RFC3579: RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP).
- RFC3580: IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines.
- RFC3599: Request for Comments Summary RFC Numbers 3500-3599.
- RFC3618: Multicast Source Discovery Protocol (MSDP).
- RFC3631: Security Mechanisms for the Internet.
- RFC3652: Handle System Protocol (ver 2.1) Specification.
- RFC3711: The Secure Real-time Transport Protocol (SRTP).
- RFC3723: Securing Block Storage Protocols over
- RFC3775: Mobility Support in IPv6.
- RFC3795: Survey of IPv4 Addresses in Currently Deployed IETF Application Area Standards Track and Experimental Documents.
- RFC3821: Fibre Channel Over TCP/IP (FCIP).
- RFC3830: MIKEY: Multimedia Internet KEYing.
- RFC3931: Layer Two Tunneling Protocol - Version 3 (L2TPv3).
- RFC3957: Authentication, Authorization, and Accounting (AAA) Registration Keys for Mobile IPv4.
- RFC3961: Encryption and Checksum Specifications for Kerberos 5.
- RFC3967: Clarifying when Standards Track Documents may Refer Normatively to Documents at a Lower Level.
- RFC4004: Diameter Mobile IPv4 Application.
- RFC4030: The Authentication Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Option.
- RFC4051: Additional XML Security Uniform Resource Identifiers (URIs).
- RFC4086: Randomness Requirements for Security. D. Eastlake, 3rd,
- RFC4111: Security Framework for Provider-Provisioned Virtual Private Networks (PPVPNs).
- RFC4169: Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2.
- RFC4186: Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM).
- RFC4187: Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA).
- RFC4210: Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP).
- RFC4211: Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF).
- RFC4226: HOTP: An HMAC-Based One-Time Password Algorithm.
- RFC4230: RSVP Security Properties.
- RFC4231: Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512.
- RFC4251: The Secure Shell (SSH) Protocol Architecture.
- RFC4253: The Secure Shell (SSH) Transport Layer Protocol.
- RFC4278: Standards Maturity Variance Regarding the TCP MD5 Signature Option (RFC 2385) and the BGP-4 Specification.
- RFC4294: IPv6 Node Requirements.
- RFC4306: Internet Key Exchange (IKEv2) Protocol.
- RFC4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2).
- RFC4308: Cryptographic Suites for IPsec.
- RFC4346: The Transport Layer Security (TLS) Protocol Version 1.1.
- RFC4357: Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms.
- RFC4366: Transport Layer Security (TLS) Extensions.
- RFC4380: Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs).
- RFC4383: The Use of Timed Efficient Stream Loss-Tolerant Authentication (TESLA) in the Secure Real-time Transport Protocol (SRTP).
- RFC4460: Stream Control Transmission Protocol (SCTP) Specification Errata and Issues.
- RFC4467: Internet Message Access Protocol (IMAP) - URLAUTH Extension.
- RFC4493: The AES-CMAC Algorithm.
- RFC4494: The AES-CMAC-96 Algorithm and Its Use with IPsec.
- RFC4507: Transport Layer Security (TLS) Session Resumption without Server-Side State.
- RFC4568: Session Description Protocol (SDP) Security Descriptions for Media Streams.
- RFC4595: Use of IKEv2 in the Fibre Channel Security Association Management Protocol.
- RFC4634: US Secure Hash Algorithms (SHA and HMAC-SHA).
- RFC4635: HMAC SHA (Hashed Message Authentication Code, Secure Hash Algorithm) TSIG Algorithm Identifiers.
- RFC4650: HMAC-Authenticated Diffie-Hellman for Multimedia Internet KEYing (MIKEY).
- RFC4656: A One-way Active Measurement Protocol (OWAMP).
- RFC4705: GigaBeam High-Speed Radio Link Encryption.
- RFC4758: Cryptographic Token Key Initialization Protocol (CT-KIP) Version 1.0 Revision 1.
- RFC4763: Extensible Authentication Protocol Method for Shared-secret Authentication and Key Establishment (EAP-SAKE).