Message Authentication Codes (MACs)

Prevents padding oracle attacks: makes it infeasible for an attacker to generate a valid ciphertext (key holders only!!!)

$$\text{plaintext} + \text{key} \longrightarrow \text{MAC} \longrightarrow \text{authenticator tag (fixed length)}$$

  • Receiver doesn't look at message until MAC is valid

  • MUCH harder for Eve to produce a valid MAC (e.g., $$1/2^{128}$$) than it is to produce a valid padding byte (i.e., 1/256) in the PO attack

HMAC - Hash Based MAC

  • Hash can be MD5, SHA1 or SHA256
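
The receiver-side rule above (check the MAC before touching the message), as an added example that is not part of the original notes. It assumes HMAC-SHA256 computed over IV || ciphertext; `seal`, `open_sealed`, `tamper_one_byte_all_values` and the `decrypt` stand-in are hypothetical names, and the random bytes are constructed sample data.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag is always 32 bytes (fixed length)
IV_LEN = 16


class InvalidTag(Exception):
    """Single error for every authentication failure; carries no detail."""


def seal(mac_key, iv, ciphertext):
    """Sender: append an HMAC-SHA256 tag computed over IV || ciphertext."""
    return iv + ciphertext + hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()


def open_sealed(mac_key, blob, decrypt):
    """Receiver: verify the tag first; call decrypt only if it is valid."""
    if len(blob) < IV_LEN + TAG_LEN:
        raise InvalidTag()
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise InvalidTag()
    return decrypt(body[:IV_LEN], body[IV_LEN:])


def tamper_one_byte_all_values():
    """Set one ciphertext byte to each of its 256 values; return (rejected, decrypt_calls)."""
    mac_key = os.urandom(32)
    iv, ciphertext = os.urandom(IV_LEN), os.urandom(32)  # constructed sample data
    calls = []

    def decrypt(iv, ct):  # hypothetical stand-in for CBC decrypt + padding check
        calls.append(ct)
        return b"<plaintext>"

    blob = bytearray(seal(mac_key, iv, ciphertext))
    rejected = 0
    for value in range(256):
        blob[IV_LEN + 15] = value  # last byte of the first ciphertext block
        try:
            open_sealed(mac_key, bytes(blob), decrypt)
        except InvalidTag:
            rejected += 1
    return rejected, len(calls)
```

Only the one value that leaves the ciphertext unmodified reaches `decrypt`; the other 255 fail with the same `InvalidTag` error, so the padding check never sees modified data.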
