Practice free →
HomeB.Tech Cyber SecuritycybersecurityCryptography › An HMAC (Hash-based Message Authentication Code)…

An HMAC (Hash-based Message Authentication Code) provides

Aconfidentiality only
Bintegrity AND authenticity of a message via a shared secret key
Cnon-repudiation (like a digital signature)
Dcompression of large messages
Answer & Solution
Correct answer: B. integrity AND authenticity of a message via a shared secret key
1. HMAC = HMAC(key, message) — uses a hash function (SHA-256, SHA-3) keyed with a shared secret. 2. PROVIDES: • INTEGRITY: any change to the message changes the HMAC. • AUTHENTICITY: only someone with the shared key could have produced the HMAC. 3. DOES NOT PROVIDE: • Confidentiality (the message itself is not encrypted) • Non-repudiation (both parties have the key, so either could have produced it) 4. USE CASES: API request signing (AWS SigV4), JWT signing (HS256), message authentication in protocols. 5. Digital signatures (option C) need ASYMMETRIC crypto for non-repudiation. _Source: Boneh & Shoup, §6 (MACs and HMAC) + RFC 2104._
Solve this in the app — B.Tech Cyber Security practice & 24k+ MCQs →
Related questions