FIPS for Keyed-Hash Message Authentication Code (HMAC)

5 January 2001



[Federal Register: January 5, 2001 (Volume 66, Number 4)]
[Notices]               
[Page 1088-1089]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr05ja01-44]                         

-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. 00092-9279-01]
RIN 0693-ZA41

 
Announcing a Draft Federal Information Processing Standard for 
the Keyed-Hash Message Authentication Code (HMAC), and Request for 
Comments

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION:  Notice; Request for Comments.

-----------------------------------------------------------------------

SUMMARY: This notice announces a draft Federal Information Processing 
Standard (FIPS) for the Keyed-Hash Message Authentication Code (HMAC), 
for public review and comment.
    This draft FIPS describes a keyed-hash message authentication code 
(HMAC), A MECHANISM FOR MESSAGE AUTHENTICATION USING CRYPTOGRAPHIC HASH 
FUNCTIONS, HMAC can be used with any FIPS-approved cryptographic hash 
function, in combination with a shared secrete key. The cryptographic 
strength of HMAC depends on the properties of the underlying hash 
function. The HMAC specification in this draft FIPS is a generalization 
of HMAC as specified in Internet RFC 2104, HMAC, Keyed-Hashing for 
Message Authentication, and ANSI X9.71, Keyed Hash Message 
Authentication Code.
    Prior to the submission of this proposed standard to the Secretary 
of Commerce for review and approval, it is essential that consideration 
is given to

[[Page 1089]]

the needs and views of the public, users, the information technology 
industry, and Federal, State and local government organizations. The 
purpose of this notice is to solicit such views.

DATES: Comments must be received on or before April 5, 2001.

ADDRESSES: Written comments may be sent to: Chief, Computer Security 
Division, Information Technology Laboratory, Attention: Comments on the 
draft FIPS for HMAC, 100 Bureau Drive--Stop 8930 National Institute of 
Standards and Technology, Gaithersburg, MD 20899-8930.
    Electronic comments may also be sent to: ``HMAC@nist.gov''.
    This draft FIPS is available electronically at: http://
www.nist.gov/hmac/ or http://csrc.nist.gov/publications/drafts.html.
    Comments received in response to this notice will be published 
electronically at http://www.nist.gov/hmac/.

FOR FURTHER INFORMATION CONTACT:  Elaine Barker, Computer Security 
Division, National Institute of Standards and Technology, Gaithersburg, 
MD 20899-8930, telephone (301) 975-2911, email: elaine.barker@nist.gov.

SUPPLEMENTARY INFORMATION: This draft FIPS for The Keyed-Hash Message 
Authentication Code (HMAC) specifies an algorithm for applications 
requiring message authentication. Message authentication is achieved 
via the construction of a message authentication code (MAC). MACs based 
on cryptographic hash functions are known as HMACs.
    The purpose of a MAC is to authenticate both the source of a 
message and its integrity without the use of any additional mechanisms. 
HMACs have two functionally distinct parameters, message input and a 
secret key known only to the message originator and intended 
receiver(s). Additional applications of keyed hash functions include 
their use in challege-response identification protocols for computing 
responses. which are a function of both a secret key and a challenge 
message.
    An HMAC function is used by the originator to produce a value (the 
MAC) that is formed by condensing the secret key and the message input. 
The MAC is typically sent to the message receiver along with the 
message. The receiver computes the MAC on the received message using 
the same key and HMAC function as was used by the originator, and 
compares the result computed with the received MAC. If the two values 
match, the message has been correctly received, and the receiver is 
assured that the message originator is a member of the community of 
users that share the key.

    Authority: Federal Information Processing Standards Publications 
(FIPS PUBS) are issued by the National Institute of Standards and 
Technology after approval by the Secretary of Commerce pursuant to 
section 5131 of the Information Technology Management Reform Act of 
1996 and the Computer Security Act of 1987, Public Law 100-2235.

    E.O. 12866: This notice has been determined to be non-significant 
for the purposes of E. O. 12866.

    Dated: January 2, 2001.
Karen H. Brown,
Deputy Director, NIST.
[FR Doc. 01-381 Filed 1-4-01; 8:45 am]
BILLING CODE 3510-CN-M