Hash-Based Message Authentication Code

HMAC defeats length extension attacks and collision attacks by hashing in two passes, each keyed with a different key derived from the main secret key.

  • H: The underlying hash function (e.g., SHA-256).
  • k: The secret key.
  • ipad (Inner Pad): The byte 0x36 repeated (creates the “Inner Key”).
  • opad (Outer Pad): The byte 0x5C repeated (creates the “Outer Key”).

This structure works because:

  1. Defeats Length Extension:
    • The “internal state” output by the inner hash H(inner_key || m) is not exposed, because the outer hash immediately processes it.
    • An attacker cannot extend the message because they cannot pass the result through the outer hash (which requires the outer key).
  2. Defeats Collisions:
    • The nested structure masks the direct collision relationships found in simple suffix constructions.
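
The two-pass structure described above, written out as an added example (not code from the original note or from RFC 2104) and checked against Python's standard hmac module. Assumptions: H is SHA-256 with a 64-byte block, the key handling (hash over-long keys, zero-pad to one block) follows RFC 2104, and the function names and sample key and messages are constructed for illustration.

```python
import hashlib
import hmac  # standard library: reference implementation and compare_digest

BLOCK_SIZE = 64  # SHA-256 block size in bytes (assumed H = SHA-256)


def derive_pad_keys(key: bytes):
    """Return (inner_key, outer_key) derived from the secret key k."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()    # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")      # zero-pad to exactly one block
    inner_key = bytes(b ^ 0x36 for b in key)  # k XOR ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # k XOR opad
    return inner_key, outer_key


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """Pass 1 hashes inner_key || m; pass 2 hashes outer_key || pass-1 digest."""
    inner_key, outer_key = derive_pad_keys(key)
    inner_digest = hashlib.sha256(inner_key + message).digest()  # never leaves here
    return hashlib.sha256(outer_key + inner_digest).digest()     # the published tag


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample values
    msg = b"amount=100&to=alice"
    tag = hmac_sha256(key, msg)

    # Agrees with the standard library for short and over-long keys.
    assert tag == hmac.new(key, msg, hashlib.sha256).digest()
    long_key = b"K" * 100
    assert hmac_sha256(long_key, msg) == hmac.new(long_key, msg, hashlib.sha256).digest()

    # A message with appended data does not verify under the original tag.
    print("original verifies:", verify(key, msg, tag))
    print("extended verifies:", verify(key, msg + b"&to=mallory", tag))
```

In production code, call hmac.new or hmac.digest directly; the hand-written version is only there to make the inner and outer passes visible.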

1


Relevant Note(s): Message Authentication Code

Footnotes

  1. https://datatracker.ietf.org/doc/html/rfc2104