message authentication code (MAC)

A message authentication code (MAC) is a cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.

A MAC requires two inputs: a message and a secret key known only to the originator of the message and its intended recipient(s). This allows the recipient to verify the integrity of the message and to authenticate that the message's sender has the shared secret key. If a sender doesn't know the secret key, the hash value would be different, which would tell the recipient that the message was not from the original sender.

There are four types of MACs: unconditionally secure, hash function-based, stream cipher-based and block cipher-based. In the past, the most common approach to creating a MAC was to use block ciphers like Data Encryption Standard (DES), but hash-based MACs (HMACs), which use a secret key in conjunction with a cryptographic hash function to produce a hash, have become more widely used.
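The sender and recipient sides of a hash-based MAC, as an added example that is not part of the original page. It uses HMAC-SHA256 from Python's standard library; the function names, keys and messages are constructed for illustration, and the unkeyed hash is included only to show why the secret key is what gives the recipient authentication.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest avoids leaking, through timing, how many bytes matched
    return hmac.compare_digest(expected, tag)


def unkeyed_checksum(message: bytes) -> bytes:
    """Plain hash, for contrast: no secret is needed to recompute it."""
    return hashlib.sha256(message).digest()


def demo() -> dict:
    shared_key = secrets.token_bytes(32)      # constructed shared secret
    other_key = secrets.token_bytes(32)       # a party without the shared key
    message = b"transfer 100 to account 42"   # constructed sample message
    altered = b"transfer 900 to account 42"   # same message, modified in transit
    tag = make_tag(shared_key, message)
    return {
        # Untouched message with its original tag verifies.
        "genuine": verify(shared_key, message, tag),
        # Modified message with the original tag is rejected.
        "altered_message": verify(shared_key, altered, tag),
        # A tag made under a different key is rejected.
        "tag_from_other_key": verify(shared_key, altered, make_tag(other_key, altered)),
        # A shortened tag is rejected rather than prefix-matched.
        "truncated_tag": verify(shared_key, message, tag[:16]),
        # An unkeyed hash of the altered message matches what any party
        # can recompute, so it detects accidents but authenticates no one.
        "unkeyed_hash_matches": unkeyed_checksum(altered)
        == hashlib.sha256(altered).digest(),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```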

This was last updated in November 2010
