MAC Message Authentication Code


Time: 7 hours 50 minutes
Difficulty: Beginner
CEU/CPE: 8

Video Transcription
00:00
>> Now we'll talk about MAC, Message Authentication Codes. Now, earlier we talked about hashes and how hashes are only good for detecting unintentional modification. For example, when there's corruption because a packet is dropped while a message is being sent but there is no malicious intent.

Then we talked about a digital signature that can detect malicious modification. In this case, not only is the file hashed, but the file is encrypted with the sender's private key. Only the sender can encrypt something with their private key. We get authenticity and integrity together, which is non-repudiation.

A digital signature is great. But a digital signature requires something called a PKI, or Public Key Infrastructure. You don't have to know what that is yet. We'll go into it later. But anytime you hear the word infrastructure, you know it's going to have a lot of overhead. Infrastructure is going to take resources, money, time, and staff. It's going to be an ongoing effort to maintain it and you have to monitor and evaluate it.

It's not easy to have a PKI and it's not good enough to just use a hash. What I'd really like is to have something in the middle. What if we had something that gives us reasonable insurance against intentional modification without all the overhead? That's exactly what MAC is.

Now, you'll see the acronym MAC used for a lot of things. But in this case, what it stands for is a Message Authentication Code. You also hear the terms Hash MAC or HMAC. An HMAC requires that both parties agree on something. Often it's a password. Each party enters a password on their routers or whatever device that they're using. A key is created based on the password. As long as you both enter the same password, you have the same key. That's symmetric cryptography.

What happens is that the message is [inaudible] with the secret number, the symmetric key, and then put through a hashing algorithm so that each block includes knowledge of the symmetric key and grants integrity from the message. Only those two parties should know the symmetric key. Then we get a reasonable degree of authenticity and begin integrity.

Now, remember, you'll never get true authenticity with symmetric cryptography because two parties know the same key. Either party could be to blame if the information is leaked. However, you can have a reasonable understanding that if the key is only shared between two parties and the key is used, then one of the two parties used it.

MAC is better than a hash, but not as elaborate as a digital signature, which requires so much infrastructure. A MAC is often used with applications or services. Don't forget, a MAC is a message plus a symmetric key shared between two parties that goes through a hashing algorithm. The resulting effect is a Hash MAC.