# HMAC — Hash-based Message Authentication Code

HMAC combines a cryptographic hash (such as SHA-256 or SHA-3) with a secret key to provide both:
- **Integrity:** Ensuring the message has not been altered.
- **Authenticity:** Confirming the message comes from a party that knows the shared secret.

It effectively turns a standard hash function into a Message Authentication Code (MAC).

---

## How It Works

1. **Shared Secret:**  
   Alice and Bob share a secret key, **K**.

2. **HMAC Computation:**  
   To authenticate a message **m**, Alice computes:
   
   ```
   HMAC(K, m) = H( (K ⊕ opad) || H( (K ⊕ ipad) || m ) )
   ```
   
   - **H** is the chosen hash function.
   - **ipad** and **opad** are fixed constants used for inner and outer padding.
   - **⊕** denotes bitwise XOR.
   - **||** denotes concatenation.

3. **Transmission:**  
   Alice sends the tuple **(m, tag)** to Bob, where **tag** is the computed HMAC.

4. **Verification:**  
   Upon receiving **(m, tag)**, Bob recomputes the HMAC using the same key **K**. If his computed tag matches the received tag, the message is both authentic and unmodified.
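
The computation in steps 2 to 4, written out as an added example (not part of the original notebook) and checked against Python's `hmac` module. It assumes SHA-256 and follows RFC 2104: the **K** in the formula is the key hashed if longer than one 64-byte block and then zero-padded to block length, and ipad/opad are the bytes 0x36 and 0x5c repeated. The function names, key and messages are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def prepare_key(key: bytes) -> bytes:
    """Normalise K to exactly one hash block, as RFC 2104 requires."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()   # long keys are hashed first
    return key.ljust(BLOCK_SIZE, b"\x00")    # short keys are zero-padded


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """H((K xor opad) || H((K xor ipad) || m)) with H = SHA-256."""
    k = prepare_key(key)
    ipad_key = bytes(b ^ 0x36 for b in k)    # ipad = 0x36 repeated
    opad_key = bytes(b ^ 0x5C for b in k)    # opad = 0x5c repeated
    inner = hashlib.sha256(ipad_key + msg).digest()
    return hashlib.sha256(opad_key + inner).digest()


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Bob's check: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


# Constructed sample values, for illustration only.
KEY = b"constructed-demo-key"
MSG = b"transfer 10 to bob"

if __name__ == "__main__":
    tag = hmac_sha256(KEY, MSG)
    print("matches stdlib:", tag == hmac.new(KEY, MSG, hashlib.sha256).digest())
    print("original accepted:", verify(KEY, MSG, tag))
    print("modified rejected:", not verify(KEY, b"transfer 99 to bob", tag))
    print("wrong key rejected:", not verify(b"other-key", MSG, tag))
```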

---

## Communication Flow

```text
Alice                     Bob                      Eve
-----                     ---                      ---
Message m
  | -- Compute HMAC(K, m) --> (m, tag)
                              | Recompute HMAC(K, m)
                              | Compare tag with received tag
                              V
                        If match → Accept message
```

- **Eve** can observe the message and tag but cannot forge a valid tag without knowing the secret key **K**.

---

## Parameters

- **Key (K):** Shared secret between Alice and Bob.
- **Hash Function (H):** Typically SHA-256 or SHA-3; avoid outdated algorithms like MD5 or SHA-1.
- **Output Length:** Depends on the underlying hash (e.g., 256 bits for HMAC-SHA256).

---

## Security Notes

- **Secure if the Hash is Secure:**  
  HMAC inherits the security properties of the underlying hash function.
- **Avoid Weak Hashes:**  
  Do not use MD5 or SHA-1 in new systems as they are vulnerable.
- **HMAC vs. Raw Hash:**  
  HMAC mitigates weaknesses inherent to raw hash functions when used alone for authentication.

---

## Real-World Applications

- **TLS/HTTPS:**  
  Used to ensure integrity in secure communications.
- **API Authentication:**  
  Implemented by services such as AWS and Stripe.
- **Password-Based Key Derivation:**  
  PBKDF2 employs HMAC internally.

---

```python
import hmac, hashlib

# Shared secret key (must be the same for Alice & Bob)
key = b"supersecretkey"

# Alice's message
msg = b"Hello Bob, this is Alice."

# --- Alice computes HMAC ---
tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
print("Message:", msg)
print("HMAC-SHA256 tag:", tag)

# --- Bob verifies ---
tag_check = hmac.new(key, msg, hashlib.sha256).hexdigest()

if hmac.compare_digest(tag, tag_check):
    print("HMAC valid, message authentic")
else:
    print("HMAC invalid, message tampered")
```

```text
Message: b'Hello Bob, this is Alice.'
HMAC-SHA256 tag: a99e52eb4ff35560ba74fef3bf3132598be087dafd105c172368e917f3de98c0
HMAC valid, message authentic
```
