Home » Cisco » 210-260 v.2 » Which components does HMAC use to determine the authenticity and integrity of a message?
Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.)
A. The password
B. The hash
C. The key
D. The transform set
Correct Answer: BC
Explanation/Reference:
An HMAC is a MAC which is based on a hash function. The basic idea is to concatenate the key and the message, and hash them together. Since it is impossible, given a cryptographic hash, to find out what it is the hash of, knowing the hash (or even a collection of such hashes) does not make it possible to find the key. The basic idea doesn’t quite work out, in part because of length extension attacks, so the actual HMAC construction is a little more complicated.
Reference: http://security.stackexchange.com/questions/20129/how-and-when-do-i-use-hmac/20301