What's the difference between Message Digest, Message Authentication Code, and HMAC?
Solution 1:
- A message digest algorithm takes a single input -- a message -- and produces a "message digest" (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.
- A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC which allows you to verify the integrity and the authenticity of the message: Any change to the message or the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.
- An HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.
Solution 2:
- A Message Digest is simply a hash of a message. It's the output of a cryptographic hash function applied to input data, which is referred to as a message.
- A Message Authentication Code (MAC) is a piece of information that proves the integrity of a message and cannot be counterfeited easily.
- An HMAC is a specific kind of MAC defined by RFC 2104.
Wikipedia has good articles covering all these terms: see Message Digest, Message Authentication Code, and HMAC.
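To make the distinction drawn in both answers concrete, here is an added example (not from either answer) that builds HMAC exactly as RFC 2104 describes it, from a plain hash plus a key, and then shows why a bare digest can be swapped out by an attacker while a MAC cannot be produced without the key. The key and messages are constructed for the demo.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for SHA-256
    # Keys longer than one hash block are hashed first; shorter keys are zero-padded.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-rolled construction against Python's hmac module."""
    return hmac_rfc2104(key, message) == hmac.new(key, message, "sha256").digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    # Integrity only: anyone can compute a fresh digest for any message.
    return hashlib.sha256(message).digest() == digest


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Integrity and authenticity: constant-time compare avoids timing leaks.
    return hmac.compare_digest(hmac_rfc2104(key, message), tag)


def demo_tampering() -> tuple:
    key = b"constructed-demo-key"          # known only to sender and receiver
    original = b"transfer 10 to alice"      # constructed sample message
    forged = b"transfer 9999 to mallory"    # attacker's replacement message
    # Digest scheme: the attacker replaces message AND digest, and it verifies.
    forged_digest_accepted = verify_digest(forged, hashlib.sha256(forged).digest())
    # MAC scheme: without the key the best the attacker can attach is a hash,
    # which does not verify.
    forged_tag_accepted = verify_mac(key, forged, hashlib.sha256(forged).digest())
    # The genuine message with a tag made by a key holder does verify.
    genuine_accepted = verify_mac(key, original, hmac_rfc2104(key, original))
    return forged_digest_accepted, forged_tag_accepted, genuine_accepted
```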