Hash Function in Action: Message Authentication Codes

In Introduction to Cryptographic Hash Functions for the Working Developer, I presented a straight to the point, overview of some essential things a developer should know about cryptographic hash functions. 

This post continues in the theme around hash functions, by taking a look at another cryptographic construction hash functions make possible, that is: Message Authentication Codes (MACs).

It is worth quoting Bruce schneier again:

Much more than encryption algorithms, one-way hash functions are the workhouses of modern cryptography

Because Message Authentication Code based on hash functions is a perfect demonstration of how crucial hash functions are.

This post contains the following sections:

• Why Hash Functions alone are not enough
• What is Message Authentication Code
• What is a Hash Based Authentication Code (HMAC)
• What is a Keccak Based Authentication Code (KMAC)
• Some real world applications of Message Authentication Code

Introduction to Cryptographic Hash Functions for the Working Developer

Much more than encryption algorithms, one-way hash functions are the workhouses of modern cryptography - Bruce schneier

This post would be a quick, straight to the point, overview of some essential things a developer should know about cryptographic hash functions. It is targeted at the working developer who needs to be familiar enough with cryptographic hash functions in order to use them, but who does not need to know the gory details of how they are implemented, all their possible use cases or how they work internally.

This post contains the following sections:

1. Cryptographic hash function: A definition
2. Properties of cryptographic hash functions.
3. Types of hash functions
1. Fixed length hash Functions
2. Extendable Output Functions (XOF)
3. Password hashing functions 
4. Some Hashing Hygiene