What is the Difference between a Hash and MAC (Message Authentication code)?
Solution 1
The main difference is conceptual: while hashes are used to guarantee the integrity of data, a MAC guarantees integrity AND authentication.
This means that a hashcode is blindly generated from the message without any kind of external input: what you obtain is something that can be used to check if the message got any alteration during its travel.
A MAC instead uses a private key as the seed to the hash function it uses when generating the code: this should assure the receiver that, not only the message hasn't been modified, but also who sent it is what we were expecting: otherwise an attacker couldn't know the private key used to generate the code.
According to wikipedia you have that:
While MAC functions are similar to cryptographic hash functions, they possess different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot guess the MAC for other messages without performing infeasible amounts of computation.
Of course, although their similarities, they are implemented in a different way: usually a MAC generation algorithm is based upon a hash code generation algorithm with the extension that cares about using a private key.
Solution 2
A hash is a function that produces a digest from a message. A cryptographically secure hash is for which it is computationally infeasible to generate a message with a given digest. On its own a hash of a message gives no information about the sender of a given message. If you can securely communicate the hash of a message then it can be used to verify that a large message has been correctly received over an unsecured transport.
A message authentication code is a way of combining a shared secret key with the a message so that the recipient of the message can authenticate that the sender of the message has the shared secret key and the no-one who doesn't know the secret key could have sent or altered the message.
An HMAC is a hash-based message authentication code. Usually this involves applying a hash function one or more times to some sort of combination of the shared secret and the message. HMAC usually refers the the algorithm documented in RFC 2104 or FIPS-198.
A MAC does not encrypt the message so the message is in plain text. It does not reveal the secret key so a MAC can be sent across on open channel with out compromising the key.
Solution 3
Found this to the point answer from another forum.
These types of cryptographic primitive can be distinguished by the security goals they fulfill (in the simple protocol of "appending to a message"):
Integrity: Can the recipient be confident that the message has not been accidentally modified?
Authentication: Can the recipient be confident that the message originates from the sender?
Non-repudiation: If the recipient passes the message and the proof to a third party, can the third party be confident that the message originated from the sender? (Please note that I am talking about non-repudiation in the cryptographic sense, not in the legal sense.) Also important is this question:
Keys: Does the primitive require a shared secret key, or public-private keypairs? I think the short answer is best explained with a table:
Cryptographic primitive | Hash | MAC | Digital
Security Goal | | | signature
------------------------+------+-----------+-------------
Integrity | Yes | Yes | Yes
Authentication | No | Yes | Yes
Non-repudiation | No | No | Yes
------------------------+------+-----------+-------------
Kind of keys | none | symmetric | asymmetric
| | keys | keys
Please remember that authentication without confidence in the keys used is useless. For digital signatures, a recipient must be confident that the verification key actually belongs to the sender. For MACs, a recipient must be confident that the shared symmetric key has only been shared with the sender.
Solution 4
HASH FUNCTION: A function that maps a message of any length into a fixed length hash value, which serves as the authenticator.
MAC: A function of the message and a secret key that produces a fixed length value that serves as the authenticator.
Solution 5
A Hash is a summary or a finger print of a message and provide neither integrity nor authentication itself, as is it is susceptible to man-in-the-middle attack. Suppose A wants to send a message M, combined with hash H of M, to B. Instead C capture the message and generate Message M2 and hash H2 of M2, and sends it to B. Now B, by no mean can verify whether this is the original message from A or not. However, hash can be used in some other ways to achieve integrity and authentication, such as MAC.
A MAC which is also a summary of the message provide Integrity and Authentication. MAC can be computed in many ways. The simplest method is to use a hash function with two inputs, the message and a shared secret key. The use of the shared secret key adds the Authentication ability to the MAC, and thus provide integrity and authentication. However, MAC still does not provide non-repudiation, as any of the party(es) having the shared secret key can produce the message and MAC. Here comes the Digital Signature and Public Key Cryptography in action.
Comments
-
Robben_Ford_Fan_boy almost 2 years
What is the Difference between a Hash and MAC (Message Authentication code)?
By their definitions they seem to serve the same function.
Can someone explain what the difference is?
-
user207421 over 10 years(1) Hash functions don't necessarily use keys at all, let alone symmetric or asymmetric ones. (3) is incomplete and back to front. -1
-
Kamran Bigdely about 9 yearsThe use of the word "authenticator" in your definition of "Hash Function" is misleading. The SHA (Secured Hash Algorithm) on its own is not used for authenticity. It is used for checking the integrity of the data. -
tonix almost 9 yearsI am sorry, what does it mean thateven if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, **the attacker cannot guess the MAC for other messages**? If an attacker has access to an oracle which possesses the secret key he can generate MACs for other messages too, sending them as an input to the oracle, isn't it? -
ZillGate about 8 years@tonix This sentence is only used for defining a secure MAC function. This hypothetical scenario is the worst case of a more realistic scenario, in which the attacker could observes multiple plaintext-MAC pairs, and then try to forge/guess the MAC of a message the attacker wants to send.
-
David 天宇 Wong almost 8 yearsSome other people now have changed these definitions: a hash function does not provide integrity, while authentication is what we now call integrity (cf. crypto.stanford.edu/~dabo/cryptobook ). This change is for the best imo -
David 天宇 Wong almost 8 yearsSome other people now have changed these definitions: a hash function does not provide integrity, while authentication is what we now call integrity (cf. crypto.stanford.edu/~dabo/cryptobook ). This change is for the best imo
-
Abdul Rehman almost 7 yearsMessage & MAC are shared while messaging, But how are shared keys shared to re-generate the MAC? If the Keys are shared through messaging then can't middle man use the key and MAC-Generator to get the message change and pass on to receiver? -
Ishtiaq Hussain over 6 years@Bsienn, shared key is generated using public key cryptography, and not shared directly (through plain messaging) by the users.
-
LetsGoBrandon over 2 yearsWhat if, in another scenario/question, if we hashed the private key? What would be the differences with MAC codes?
-
hanan over 2 yearsboth they seem to be similar except that the MAC is based on secret key.
