Computer Security Resource Center   nistlogo
Home Library Services Events Advisories Contact Site Map  
SEARCH


advanced search

Cryptographic Toolkit
 Guidance
 Encryption
 Modes of Operation
 Digital Signatures
 Secure Hashing
 Key Management
 RNG
 Message Authentication
 Entity Authentication
 Passwords

Project Sites
CMVP
PKI
Common Criteria
NIAP
Security Practices
Publications
 
 

Cryptographic Toolkit Header

Message Authentication

Currently, there exists two (2) FIPS-approved* algorithm for generating and verifying message/data authentication codes: DAC (better known as "MAC") and HMAC.

MAC
(DAC)

FIPS 113, Computer Data Authentication May 1985

FIPS 113 specifies an algorithm, which is based on DES, for generating and verifying a Message Authentication Code (MAC).

HMAC

 FIPS 198, HMAC - Keyed-Hash Message Authentication Code March 2002

NIST is pleased to announce the approval of FIPS 198 HMAC - Keyed-Hash Message Authentication Code. This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key.

Testing / Products

Testing is not available for MAC.

NIST is currently developing validation tests for HMAC.

Future Plans

NIST intends to review FIPS 113 and determine whether it should be updated or replaced.

Cryptographic Toolkit Return to crypto toolkit page
 

 

* NIST cryptographic standards are specified in Federal Information Processing Standards (FIPS) Publications. The term "FIPS-approved" indicates something (e.g., a cryptographic algorithm) that is either a) specified in a FIPS or b) adopted in a FIPS and specified either in an appendix to the FIPS or in a document referenced by the FIPS.

Last updated: April 25 , 2001
Page created: December 21, 2000  
Contact: Elaine Barker