When people say HMAC-MD5 or HMAC-SHA1 are still secure, they mean that they're still secure as PRF and MAC. The key assumption here is that the key is unknown to the attacker.

I was reading HMAC on wikipedia and I was confused about a few points. Where do I use HMAC? Why is the key part of the hash? Even if someone successfully used a "length-extension …

Note that HMAC is a specific scheme as Seth correctly describes; SHA-3 uses KMAC which is therefore another hash based MAC. Maybe the acronyms CBMAC and HBMAC could be used …

Most of discussions involving access credentials include references to "hashing salted passwords". Is this another way to referring to the HMAC algorithm or a totally different …

In our product (embedded system), so far we were using diffie-hellman-group1-sha1 with hmac-sha1. But due to security concern we are planning to use diffie-hellman-group14 for key …

On a recent question it became apparent that there's a significant difference between an HMAC of input data and a hash of input data. What exactly is the difference between an HMAC and a …

I am looking at ways to secure http communication using HMAC. My understanding is that in this scenario the client and the server both know a secret. This means the secret must be first …

Following on the heels of the previously posted question here, Taxonomy of Ciphers/MACs/Kex available in SSH?, I need some help to obtain the following design goals: Disable any 96-bit …

HMAC may be used instead of a raw hash function to strengthen a password-verification system, but in a different setup. Given a system which checks passwords with salts and iterated hash …

When receiving a registration request, first verify the HMAC (by recomputing it), then (and only then) proceed to the decryption step. Of course, all of this assumes that there is a key K, that …