| (I) A keyed hash [R2104] that can be based on any iterated
cryptographic hash (e.g., MD5 or SHA-1), so that the cryptographic
strength of HMAC depends on the properties of the selected
cryptographic hash. (See: [R2202, R2403, R2404].)
(C) Assume that H is a generic cryptographic hash in which a
function is iterated on data blocks of length B bytes. L is the
length of the of hash result of H. K is a secret key of length L
<= K <= B. The values IPAD and OPAD are fixed strings used as
inner and outer padding and defined as follows: IPAD = the byte
0x36 repeated B times, OPAD = the byte 0x5C repeated B times. HMAC
is computed by H(K XOR OPAD, H(K XOR IPAD, inputdata)).
(C) The goals of HMAC are as follows:
- To use available cryptographic hash functions without
modification, particularly functions that perform well in
software and for which software is freely and widely available.
- To preserve the original performance of the selected hash
without significant degradation.
- To use and handle keys in a simple way.
- To have a well-understood cryptographic analysis of the
strength of the mechanism based on reasonable assumptions about
the underlying hash function.
- To enable easy replacement of the hash function in case a
faster or stronger hash is found or required.
|
