File tree Expand file tree Collapse file tree 1 file changed +13
-1
lines changed
Expand file tree Collapse file tree 1 file changed +13
-1
lines changed Original file line number Diff line number Diff line change @@ -602,7 +602,19 @@ HMAC = H((K⊕opad) || H((K⊕ipad) || text))
602602
603603H is the hash function, K is the key, and opad (output pad) and ipad
604604(input pad) are well-known strings that are XORed (⊕) with the key. ||
605- represents concatenation.
605+ represents concatenation.
606+
607+ A deep explanation of this HMAC function is beyond the scope of this
608+ book. However, this approach has been proved to be secure as long as
609+ the underlying hash function H has the appropriate
610+ collision-resistance properties outlined above. Note that the HMAC
611+ takes a hash function *H * that is not keyed, and turns it into a keyed
612+ hash by using the key (XORed with another string, *ipad *) as the first
613+ block to be fed into the hash function. The output of
614+ the keyed hash is then itself subjected to another keyed hash (again
615+ by XORing the key with a string and using that as the first block fed
616+ to the hash.) The two passes of the keyed-hash function are important
617+ to the proof of security for this HMAC construction.
606618
607619.. let's delete this incorrect pic for now
608620 .. _fig-macAndHmac:
You can’t perform that action at this time.
0 commit comments