MAC (Message Authentication Code) applied on files and typed-strings



    A MAC (Message Authentication Code), also known as a keyed hash function, is widely
    used for validating message integrity.
    A Message Authentication Code is a symmetric approach to checking the integrity of information
    transmitted over or stored in an unreliable medium. Data integrity checking is a MUST in the world
    of open computing and communications. Mechanisms that provide such an integrity check based on
    a secret key are usually called "message authentication codes" (MAC). Typically, MACs represent
    a cryptographic checksum on data and are used between two parties that share a secret key
    (password) in order to validate the authenticity of information transmitted between these parties.
    The computation of a MAC requires the use of a MAC algorithm and a secret key.

    A MAC function h(data, key) returns a string mac of fixed length with the following unforgeability
    property: without knowing the value of key, it is infeasible to find any new pairs of mac and data
    so that mac = h(data, key). MAC functions can be computed quite efficiently in practice, unlike
    public-key signatures.

    Several Message Authentication Codes were included in the NESSIE portfolio of recommended
    cryptographic primitives: UMAC, T-TMAC, EMAC and HMAC. No security weaknesses
    were found for any of these MACs. NESSIE makes a broad recommendation in this area because
    each of these MACs has been shown to have its own specific advantages.

    UMAC: By far the fastest of the MAC primitives considered by NESSIE (at the cost of greater
    complexity and worse key-agility compared to the other primitives). UMAC is based on universal
    HASH function families and has provable security. Breaking UMAC would imply a break of the
    block cipher it uses as a pseudo-random function. Since the block cipher currently used
    is AES, breaking UMAC is considered beyond any practical reach.
    UMAC may be securely used to authenticate messages of any length.

    T-TMAC: Also known as Two-Track-MAC, it has the highest security level of all MAC primitives,
    as considered by NESSIE. The design of T-TMAC is based on a slightly modified version of the
    HASH function RIPEMD-160 taking advantage of the two trails used in its compression function.
    The security can be proven on the assumption that the underlying compression function is
    pseudo-random. T-TMAC has specific performance advantages: it is noticeably efficient when
    processing short messages, and has an optimal key-agility.

    EMAC: Formerly called Double-MAC (DMAC), it has the advantage that it allows the reuse of an
    existing block cipher implementation. Using the block cipher, a message is encrypted in CBC mode.
    The last block is taken as the MAC of the message. To produce secure MACs for variable-length
    messages, the last block is encrypted once again with a different key.
    The security can be proven on the assumption that the underlying block cipher is pseudo-random.
    The performance and key-agility are reasonable; however, EMAC is preferable for authenticating
    short messages because its block length is smaller than that of schemes based on a HASH
    function, such as HMAC. NESSIE recommends the use of this construction with an approved
    128-bit block cipher.

    HMAC: While EMAC allows the reuse of block ciphers, HMAC has the advantage of allowing
    the reuse of an existing HASH function implementation. HMAC can be used with any iterative
    cryptographic HASH function, e.g., MD5, RIPEMD-128/160 or SHA-1, in combination with a secret
    shared key. The cryptographic strength of HMAC depends on the properties of the underlying
    HASH function. HMAC preserves the original performance of the HASH function without incurring
    any significant degradation. The security can be proven on the following assumptions:
    - The underlying HASH function is collision-resistant for a secret initial value.
    - The compression function keyed by the initial value is a secure MAC primitive.
    - The compression function is a weak pseudorandom function.
    These 3 assumptions are easier to achieve compared to the assumptions required for T-TMAC and EMAC.
    The performance and key-agility are reasonable.
    HMAC may be securely used to authenticate messages of any length.
    NESSIE recommends the use of this construction with approved collision-resistant HASH functions.

    HMAC recommends that its input key be at least as long as the key length Kl rendered by the HASH
    function being used (see the key length table). Short user-provided HMAC keys are padded with zeros.
    User-provided HMAC keys that are longer than the block size of the HASH algorithm
    are HASHed, and the resulting HASH value, of length Kl, is used as the HMAC input key.
    HMAC input keys that are much longer than Kl provide no particular security benefit.
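
    The key handling described above, written out as an added Python example (not 96Crypt's code): HMAC is built directly from the hash function and compared with Python's standard hmac module. The function names, sample keys and message are constructed for illustration.

```python
import hashlib
import hmac


def normalize_key(key: bytes, hash_name: str) -> bytes:
    """Return the block-sized key K0 that HMAC actually uses."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        # Keys longer than the hash block size are hashed first.
        key = hashlib.new(hash_name, key).digest()
    # Shorter keys (including a hashed long key) are padded with zero bytes.
    return key.ljust(block_size, b"\x00")


def manual_hmac(key: bytes, data: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC from the hash: H((K0 ^ opad) || H((K0 ^ ipad) || data))."""
    k0 = normalize_key(key, hash_name)
    ipad = bytes(b ^ 0x36 for b in k0)
    opad = bytes(b ^ 0x5C for b in k0)
    inner = hashlib.new(hash_name, ipad + data).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def key_handling_report(hash_name: str = "sha256") -> dict:
    """Show the consequences of zero-padding and of hashing long keys."""
    data = b"constructed sample message"
    short_key = b"pw"            # constructed password, far shorter than Kl
    long_key = b"A" * 100        # longer than the 64-byte SHA-256 block
    hashed_long = hashlib.new(hash_name, long_key).digest()
    reference = manual_hmac(short_key, data, hash_name)
    return {
        "matches_stdlib":
            reference == hmac.new(short_key, data, hash_name).digest(),
        # Zero-padding means "pw" and "pw\x00" are the same HMAC key.
        "zero_padded_key_is_equivalent":
            reference == manual_hmac(short_key + b"\x00", data, hash_name),
        # A long key and its hash are the same HMAC key.
        "long_key_equals_its_hash":
            manual_hmac(long_key, data, hash_name)
            == manual_hmac(hashed_long, data, hash_name),
        "effective_key_bytes": len(hashed_long),
    }


if __name__ == "__main__":
    for name, value in key_handling_report().items():
        print(f"{name}: {value}")
```

    The report shows why keys much longer than Kl add nothing: a 100-byte key is reduced to the 32-byte SHA-256 output before it is used.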


    All four MAC algorithms were approved by NESSIE; however, HMAC and UMAC have an advantage
    when dealing with files of all sizes without restrictions, while T-TMAC and EMAC are mostly
    preferable for authenticating short messages.
    HMAC was chosen for implementation in 96Crypt because it is much simpler than UMAC and well
    adapted to files of any size. Future 96Crypt releases may include the EMAC and T-TMAC algorithms.


    With 96Crypt you can authenticate either selected files or typed-strings using
    the HMAC-HASH functions.

    • 1. Check HMAC-HASH of selected files
          File's HMAC-HASH authentication may be launched in two different ways:
          A. Either by launching the program normally by clicking on its icon.
          B. Or by using the file's Mouse-Right-Click plug-in.
        • A. Launching 96Crypt normally
              Start 96Crypt, select the "HASH / MAC" page, select a HASH function of your choice,
              check the "HMAC" box, then use the "HASH File(s)" button to browse files.
              Multiple file selection is allowed with all HMAC-HASH functions except with the [List ALL] selection.




              Clicking on the "HASH File(s)" button, opens a small HMAC password prompt window.
              A password needs to be typed so it can be used as the HMAC key.




              After entering the password and clicking on the "OK" acceptance button, the
              "File Selection Dialog Window" opens to let you choose the files to authenticate.




              Select your files, add them to the job list and click on the "PROCEED NOW" button.
              A HMAC-HASH output will be rendered for every selected file, based on the entered password.




        • B. Using the Mouse-Right-Click
              Right click on a file or icon in your Windows Explorer or on your Desktop and select
              the  96Crypt - HASH & MAC Checker  function found under the "Send To" section.


              If the HMAC box was previously checked, the small HMAC password prompt window will be displayed
              to enter the HMAC key. When the password is entered and accepted, 96Crypt opens directly on
              the "HASH / MAC" page and will auto-position on the [List ALL] mode, providing the most secure
              means for file integrity validation.
              The same file will then be authenticated with all 9 available HMAC-HASH functions at the same time.





    • 2. Check HMAC-HASH of typed-strings
          Start by selecting the HASH function of your choice, then either double-click
          on the "File Path" window or select "Enter A String-text To Be Checked"
          from the Options menu.

          In both cases a field will slide down where you can type a string-text to be authenticated with the 9 HMAC-HASH functions.
          Type your string-text, then hit Enter.





    96Crypt provides 9 + [List ALL] different HMAC-HASH functions that can be used to
    authenticate your selected files or typed-strings.
    HMAC-HASH functions are based on the same HASH functions already implemented in 96Crypt:
    MD5, RMD-128, RMD-160, SHA-1, TIGER, HAVAL-5, SHA256, SHA384, SHA512.
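
    The file workflow above (one password, one HMAC per HASH function, all compared at verification time) can be reproduced outside the GUI. This is an added Python sketch, not 96Crypt's code; it covers only the functions from the list that Python's hashlib guarantees, and the function names, password and file contents are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Subset of the page's hash list that hashlib guarantees on every platform.
ALGORITHMS = ("md5", "sha1", "sha256", "sha384", "sha512")


def file_hmacs(path, key, algorithms=ALGORITHMS, chunk_size=65536):
    """Read the file once and feed each chunk to one HMAC per algorithm."""
    macs = {name: hmac.new(key, digestmod=name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for mac in macs.values():
                mac.update(chunk)
    return {name: mac.hexdigest() for name, mac in macs.items()}


def verify_file(path, key, expected):
    """Accept the file only if every recorded HMAC matches."""
    actual = file_hmacs(path, key, tuple(expected))
    # compare_digest avoids leaking the mismatch position through timing.
    results = [hmac.compare_digest(actual[n], expected[n]) for n in expected]
    return all(results)


def demo():
    key = b"constructed demo password"      # sample key, not a real secret
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as handle:
            handle.write(b"constructed file contents\n" * 1000)
        recorded = file_hmacs(path, key)
        untouched = verify_file(path, key, recorded)
        wrong_key = verify_file(path, b"another password", recorded)
        with open(path, "ab") as handle:    # simulate a change in storage
            handle.write(b"x")
        modified = verify_file(path, key, recorded)
    return {
        "untouched": untouched,
        "wrong_key": wrong_key,
        "modified": modified,
        "digest_bits": {n: len(v) * 4 for n, v in recorded.items()},
    }


if __name__ == "__main__":
    print(demo())
```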



    The HMAC-HASH functions implemented in 96Crypt are listed below:

    Algorithm Name      Rendered Key length
    HMAC-MD5            128-bit
    HMAC-RMD-128        128-bit
    HMAC-RMD-160        160-bit
    HMAC-SHA-1          160-bit
    HMAC-TIGER          192-bit
    HMAC-HAVAL-5        256-bit
    HMAC-SHA256         256-bit
    HMAC-SHA384         384-bit
    HMAC-SHA512         512-bit








    Note 1:
    Opening 96Crypt on the "HASH / MAC" page, will auto-select the last
    HMAC-HASH function and the last display mode that were saved the last time
    96Crypt was closed.
    However, opening 96Crypt with the Right-Click-Mouse will position 96Crypt on
    [List ALL] selection to provide a secure and mathematically irrevocable
    file authentication scheme.










Copyright 2002 - © eRightSoft