From 7fc2efb6fc9e90dd72cf9e04b4877872e1f663a8 Mon Sep 17 00:00:00 2001 From: Jeroen van der Ham Date: Fri, 28 Nov 2025 17:01:44 +0100 Subject: [PATCH] Simplified HMAC explanation The original HMAC explanation was somewhat convoluted. I've separated the two steps more clearly, and made sure to mention every term of the formula. Also added spacing to the outer parentheses in the formula to make it more clear where the boundary is of the outer H() --- crypto.rst | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/crypto.rst b/crypto.rst index 9ebea19..14d8d22 100644 --- a/crypto.rst +++ b/crypto.rst @@ -607,7 +607,7 @@ HMAC is a function of both the key and the input text. An approach to calculating HMACs has been standardized by NIST and takes the following form: -HMAC = H((K⊕opad) || H((K⊕ipad) || text)) +HMAC = H( (K⊕opad) || H((K⊕ipad) || text) ) H is the hash function, K is the key, and opad (output pad) and ipad (input pad) are well-known strings that are XORed (⊕) with the key. || @@ -618,12 +618,13 @@ book. However, this approach has been proved to be secure as long as the underlying hash function H has the appropriate collision-resistance properties outlined above. Note that the HMAC takes a hash function *H* that is not keyed, and turns it into a keyed -hash by using the key (XORed with another string, *ipad*) as the first -block to be fed into the hash function. The output of -the keyed hash is then itself subjected to another keyed hash (again -by XORing the key with a string and using that as the first block fed -to the hash). The two passes of the keyed-hash function are important -to the proof of security for this HMAC construction. +hash by applying the hashing function *H* twice. First the key (XORed +with a string, *ipad*) is prepended to the message, which is +then fed into the hash function. The output of this keyed hash is then +itself subjected to another keyed hash (again by XORing the key with +a string, *opad*, and prepending that to the output of the first keyed hash). +The two passes of the keyed-hash function are important to the proof +of security for this HMAC construction. .. let's delete this incorrect pic for now; unclear if a new picture adds much