The most widely used MAC system today is Hash-MAC (HMAC). It uses a keyless Merkle-Damgård hash function
The construction itself is byte-oriented - the inputs for the underlying Merkle-Damgård function ipad
and opad
.
The constant ipad
("inner pad") is the byte 0x36
repeated to match the key's length in bytes, and, similarly, opad
("outer pad") is the byte 0x5C
repeated to match
The MAC's signing algorithm is then defined as follows:
The first "inner key"
Since this is a deterministic MAC system, the canonical verification algorithm can be used.
Using a collision resistant hash function
An HMAC construction is strongly unforgeable, as long as the underlying compression function $h$ is a pseudorandom function.
TO BE FOUND