The MAC discussed here is a cryptographic concept, not the MAC address from computer networking.
Why do we need a MAC when we already have a digest algorithm?
A digest algorithm guarantees the integrity of the message.
In essence, H(x) ensures the integrity of x.
So the question is: if I know the digest algorithm you are using (for example, as a man-in-the-middle), and I replace x with y and H(x) with an H(y) that I computed myself, does the digest still do its job?
The answer is that it does not. This is the weakness of the method: we can guarantee the integrity of the message, but not its authenticity. In other words, we cannot determine whether the intact message is the genuine one or has been swapped out.
The appearance of MAC (Message Authentication Code)
MAC was introduced to address this weakness.
The MAC generation process is usually as follows:
- Data processing: Process the original data and use the digest algorithm to generate the hash value of the data.
- Key encryption: Encrypt the hash value using a shared key to generate a MAC.
- Transmission: Transfer data and MAC to the receiver.
- Verify: The receiver recalculates the MAC for the data using the same key and compares it with the received MAC to verify the integrity and authenticity of the data.
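The substitution question above and the four MAC steps, side by side, as an added example that is not part of the original page. It uses HMAC-SHA256 from the Python standard library as the MAC, which mixes the key into the hash computation rather than encrypting a finished hash value; the messages, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def digest_only(message: bytes) -> bytes:
    """H(x): needs no secret, so anyone who knows the algorithm can compute it."""
    return hashlib.sha256(message).digest()


def make_mac(key: bytes, message: bytes) -> bytes:
    """MAC over the message; cannot be computed without the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(digest_only(message), tag)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Receiver recomputes the MAC with the same key; comparison is constant-time.
    return hmac.compare_digest(make_mac(key, message), tag)


def substitute(replacement: bytes) -> tuple[bytes, bytes]:
    """The man-in-the-middle from the text: swaps x for y and sends H(y).
    It has the algorithm but not the key, so H(y) is all it can produce."""
    return replacement, digest_only(replacement)


def demo() -> dict:
    key = secrets.token_bytes(32)      # shared key (constructed sample)
    x = b"pay 10 to alice"             # constructed sample message
    y = b"pay 9999 to mallory"         # constructed replacement message
    return {
        # Digest only: the honest pair verifies, and so does the swapped pair.
        "digest_honest": verify_digest(x, digest_only(x)),
        "digest_substituted": verify_digest(*substitute(y)),
        # MAC: the honest pair verifies, the swapped pair is rejected.
        "mac_honest": verify_mac(key, x, make_mac(key, x)),
        "mac_substituted": verify_mac(key, *substitute(y)),
        # If the key leaks, a tag made with it is indistinguishable from a real one.
        "mac_with_leaked_key": verify_mac(key, y, make_mac(key, y)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```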
Does this then solve the authenticity problem? Is it impossible for the shared key to leak?
The premise for a MAC ensuring authenticity is that the shared key is not leaked.
Let's explain this in detail by looking at how MAC is used in HTTPS.
After the TLS connection is established, the subsequent HTTPS messages carry a MAC.
How to ensure that shared keys are not leaked
The core is:
- CA certificate: Neither party to the communication has downloaded an illegitimate certificate.
- Asymmetric keys: While HTTPS negotiates the shared key, a random number is encrypted with the public key, and only the server's private key can decrypt it.