问题
My understanding of a message digest is that it's an encrypted hash of some data sent along with the encrypted data so you may verify that the data has not been tampered with. What is the difference then between this and message authentication codes (MAC) and hash MACs (HMAC)?
回答1:
- A message digest algorithm takes a single input -- a message -- and produces a "message digest" (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.
- A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC which allows you to verify the integrity and the authenticity of the message: Any change to the message or the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.
- A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.
回答2:
- A Message Digest is simply a hash of a message. It's the output of a cryptographic hash function applied to input data, which is referred to as a message.
- A Message Authentication Code (MAC) is a piece of information that proves the integrity of a message and cannot be counterfeited easily.
- A HMAC is a specific kind of MAC defined by RFC 2104.
Wikipedia has good articles covering all these terms: see Message Digest, Message Authentication Code, and HMAC.
来源:https://stackoverflow.com/questions/3696857/whats-the-difference-between-message-digest-message-authentication-code-and-h