Exercise 4

Message Authentication Codes

A Message Authentication Code proves the authenticity of a message between communication partners who share the same secret key.

Example

If Alice sends the file /etc/services to Bob and adds the hex code 35423a2579ff41daef9e839a77d88, then Bob knows:

  • the file was not altered

  • the file came from Alice

provided he knows the MAC method used and Alice’s secret key (in this case, the 128-bit key 0123456789abcdef8877665544332211).

The standard MAC method is the Hash-based MAC, or simply HMAC.

Simulation

Play the role of Bob and execute the following command:

openssl dgst -sha256 -mac HMAC -macopt \
hexkey:0123456789abcdef8877665544332211 /etc/services

(Note: a \ at the end of a line continues the input on the next line.)

Generate a random 128-bit cryptographic key using the /dev/random device and use it to create a corresponding HMAC for the /etc/services file.

To do this, explore how the following command sequence works:

od -t x4 /dev/urandom | head -1 | cut -c 17- | sed -e "s/ //g"
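
The check Bob performs in the example above, as an added example that is not part of the original exercise sheet: it computes the HMAC-SHA256 tag with the same openssl invocation and accepts the file only if the tag equals the one received from Alice. The function names (gen_key, hmac_file, verify_file, demo) and the sample file contents are assumptions made for illustration.

```bash
# Added example; all function names here are hypothetical.

# gen_key: print a fresh 128-bit key as 32 hex characters
# (exactly 16 bytes read from /dev/urandom).
gen_key() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# hmac_file KEYHEX FILE: print the HMAC-SHA256 tag of FILE as lowercase hex.
# The file is passed on stdin and only the last output field (the tag) is kept.
# Caveat: the key is a command-line argument, so other local users can see it
# in the process list while openssl runs.
hmac_file() {
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" < "$2" | awk '{print $NF}'
}

# verify_file KEYHEX FILE TAGHEX: succeed only if TAGHEX is the tag of FILE
# under KEYHEX. An empty result (openssl failed) is never accepted.
verify_file() (
    expected=$(hmac_file "$1" "$2")
    received=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ -n "$expected" ] && [ "$expected" = "$received" ]
)

# demo: Alice tags a file, Bob checks it before and after tampering.
demo() (
    dir=$(mktemp -d) || exit 1
    printf 'ssh 22/tcp\nhttp 80/tcp\n' > "$dir/services"   # constructed sample file
    key=$(gen_key)                                         # shared by Alice and Bob
    tag=$(hmac_file "$key" "$dir/services")                # sent along with the file

    verify_file "$key" "$dir/services" "$tag" && echo "original file:  accepted"

    printf 'telnet 23/tcp\n' >> "$dir/services"            # file altered in transit
    verify_file "$key" "$dir/services" "$tag" || echo "altered file:   rejected"

    # Someone without Alice's key cannot produce a tag that Bob accepts.
    forged=$(hmac_file "$(gen_key)" "$dir/services")
    verify_file "$key" "$dir/services" "$forged" || echo "forged tag:     rejected"
    rm -rf "$dir"
)

demo
```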