concept

HMAC

HMAC (Hash-Based Message Authentication Code) is a cryptographic mechanism that combines a secret key with a hash function to verify both the integrity and authenticity of a message. It produces a fixed-size output (the MAC) that can be sent alongside the message, allowing the receiver to recompute it using the same key and hash function to detect tampering or forgery. This ensures that the message has not been altered and originates from a trusted source.

Also known as: Hash-Based MAC, Keyed-Hash Message Authentication Code, HMAC-SHA256, HMAC-MD5, Message Authentication Code
🧊Why learn HMAC?

Developers should use HMAC when they need to secure data transmissions, such as in API authentication (e.g., signing requests with keys), verifying file integrity, or protecting against replay attacks in network protocols. It is essential in scenarios where confidentiality is not required, but trust and data integrity are critical, such as in web tokens (e.g., JWT) or secure communication between services.

Compare HMAC

HMAC vs Digital SignaturesHMAC vs Symmetric EncryptionHMAC vs Mac Algorithms

Learning Resources

📄
RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
docs
📝
HMAC Explained - Khan Academy
tutorial
🎓
Cryptography I - Coursera (includes HMAC)
course
📝
HMAC in Python - Real Python Tutorial
tutorial
📄
HMAC - Wikipedia
docs

Related Tools

CryptographyHash FunctionsApi AuthenticationJwtDigital Signatures

Alternatives to HMAC

Digital SignaturesSymmetric EncryptionMac Algorithms