HMAC — Keyed Hash

HMAC — Hash-based Message Authentication Code

A bare hash $H(m)$ does not authenticate who sent $m$ — anyone can compute it. A MAC (Message Authentication Code) requires knowing a secret key $k$ to produce the authentication tag.

Naive Approach and Its Flaw

The simplest idea: $H(k \| m)$ (concatenate key and message). This is vulnerable to a length-extension attack for hash functions like SHA-1 and SHA-2: given $H(k \| m)$, an attacker can compute $H(k \| m \| \text{extra})$ without knowing $k$.

HMAC Construction

The HMAC standard (RFC 2104) avoids length extension by applying the key twice:

$\text{HMAC}(k, m) = H\bigl((k \oplus \text{opad}) \| H((k \oplus \text{ipad}) \| m)\bigr)$

where ipad = 0x36 repeated and opad = 0x5C repeated.

Our Simplified HMAC

We implement a simplified version using DJB2:

$\text{hmac\_simple}(m, k) = \text{djb2}(k \| m \| k) \bmod 2^{32}$

Wrapping the message with the key on both sides (like HMAC's double-key structure) prevents simple concatenation attacks.

Properties of MACs

• Unforgeability — without the key, an attacker cannot produce a valid MAC
• Verification — recompute MAC and compare; use constant-time comparison in production
• Different keys → different MACs for the same message

Your Task

Implement:

• djb2_hash(s) — DJB2 hash (hash=5381, hash = hash*33 XOR ord(c), return hash & 0xFFFFFFFF)
• hmac_simple(message, key) — returns djb2_hash(key + message + key) & 0xFFFFFFFF