Skip to content
- A message digest algorithm takes a single input — a message — and produces a “message digest” (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.
- A MAC algorithm takes two inputs — a message and a secret key — and produces a MAC which allows you to verify the integrity and the authenticity of the message: Any change to the message or the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.
- A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.
