Vol. 1 · Ed. 2026
CyberGlossary
Entry № 750

Message Authentication Code (MAC)

Reviewed by Cybersecurity entrepreneur & security researcher

What is Message Authentication Code (MAC)?

Message Authentication Code (MAC): A short symmetric-key tag that authenticates a message and detects tampering, computed and verified with the same shared secret.


A Message Authentication Code (MAC) is a fixed-length tag computed over a message using a symmetric secret key, such that verification requires the same key. It provides integrity and authenticity but not non-repudiation, because both parties hold the key. Common constructions include HMAC (hash-based, RFC 2104), CMAC (CBC-MAC, NIST SP 800-38B), GMAC (used in GCM), Poly1305 (paired with ChaCha20 in ChaCha20-Poly1305) and KMAC (built on Keccak/SHA-3). MACs underpin TLS record authentication, IPsec AH, JWT HS256, API request signing and AEAD modes; constant-time tag comparison is essential to avoid timing side channels.
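The compute-and-verify flow described above, as an added example that is not part of the original entry: HMAC-SHA-256 over an API request, checked with a constant-time comparison. The `canonical()` length-prefix encoding, the function names, and the sample keys and request are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag for HMAC-SHA-256


def canonical(method: str, path: str, body: bytes) -> bytes:
    """Length-prefix every field so two different requests can never
    serialize to the same byte string (e.g. "/a" + "b" vs "/ab" + "")."""
    fields = (method.encode(), path.encode(), body)
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def sign(key: bytes, method: str, path: str, body: bytes) -> bytes:
    """Sender: fixed-length tag over the canonical request."""
    return hmac.new(key, canonical(method, path, body), hashlib.sha256).digest()


def verify(key: bytes, method: str, path: str, body: bytes, tag: bytes) -> bool:
    """Receiver: recompute with the same key and compare in constant time."""
    expected = sign(key, method, path, body)
    # hmac.compare_digest does not stop at the first differing byte,
    # unlike ==, so timing does not reveal how much of a guess matched.
    return len(tag) == TAG_LEN and hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = bytes(range(32))           # constructed sample key, not a real secret
    other_key = bytes(range(1, 33))  # constructed key held by a different party
    body = b'{"amount": 10}'         # constructed sample request body
    tag = sign(key, "POST", "/transfer", body)
    receiver_tag = sign(key, "POST", "/transfer", body)
    return {
        "valid": verify(key, "POST", "/transfer", body, tag),
        "tampered_body": verify(key, "POST", "/transfer", b'{"amount": 99}', tag),
        "shifted_fields": verify(key, "POST", "/transfe", b"r" + body, tag),
        "wrong_key": verify(other_key, "POST", "/transfer", body, tag),
        "truncated_tag": verify(key, "POST", "/transfer", body, tag[:16]),
        # Both parties hold the key, so the receiver can mint the same tag:
        # a valid MAC proves "someone with the key", not which party.
        "receiver_can_mint_same_tag": hmac.compare_digest(receiver_tag, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```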

Examples

  1. HMAC-SHA-256 is used to authenticate AWS Signature Version 4 requests.

  2. Poly1305 authenticates ciphertext in the ChaCha20-Poly1305 AEAD used by TLS 1.3.

Frequently asked questions

What is Message Authentication Code (MAC)?

A short symmetric-key tag that authenticates a message and detects tampering, computed and verified with the same shared secret. It belongs to the Cryptography category of cybersecurity.

How do you defend against Message Authentication Code (MAC)?

Defences for Message Authentication Code (MAC) typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Message Authentication Code (MAC)?

Common alternative names include: MAC, Cryptographic checksum.
