消息摘要，消息身份验证代码和HMAC有什么区别? [英] What's the difference between Message Digest, Message Authentication Code, and HMAC?

问题描述

我对消息摘要的理解是，它是与加密数据一起发送的某些数据的加密哈希，因此您可以验证数据是否未被篡改.那么，这与消息验证码(MAC)和哈希MAC(HMAC)有什么区别?

My understanding of a message digest is that it's an encrypted hash of some data sent along with the encrypted data so you may verify that the data has not been tampered with. What is the difference then between this and message authentication codes (MAC) and hash MACs (HMAC)?

推荐答案

• 消息摘要算法接受单个输入(即一条消息)，并生成一个消息摘要"(又名哈希)，该消息使您可以验证消息的完整性:对消息的任何更改都将(理想情况下)导致正在生成不同的哈希.可以替换邮件和摘要的攻击者完全有能力用新的有效对替换邮件和摘要.
• MAC算法采用两个输入-消息和密钥-并生成一个MAC，该MAC可让您验证消息的完整性和:对消息的任何更改或密钥(理想情况下)将导致生成不同的MAC.没有人可以访问该机密，任何人都不能生成可以进行验证的MAC计算；换句话说，MAC可用于检查MAC是否由有权访问密钥的一方生成.
• HMAC算法只是一种特定类型的MAC算法，它在内部使用哈希算法(而不是例如加密算法)来生成MAC.
• A message digest algorithm takes a single input -- a message -- and produces a "message digest" (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.
• A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC which allows you to verify the integrity and the authenticity of the message: Any change to the message or the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.
• A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.

这篇关于消息摘要，消息身份验证代码和HMAC有什么区别?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！