LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How does HMAC (RFC 2104) work, and what are the inner and outer keys?

HMAC applies the hash function twice with two derived keys: $HMAC_k(x) = h(k_O \| h(k_I \| x))$, where $k_I$ and $k_O$ are derived by XORing the key with fixed padding constants.

HMAC: inner hash of k_I‖message, then outer hash of k_O‖inner-hash

* Two keys derived from one (via ipad/opad) wrap a nested inner-then-outer hash. *

Key derivation:

  1. Key $k'$ is padded with zeros to 512 bits (the hash block size) → $k$
  2. Inner key: $k_I = k \oplus ipad$ where $ipad$ = byte 0x36 repeated 64 times
  3. Outer key: $k_O = k \oplus opad$ where $opad$ = byte 0x5C repeated 64 times

Computation:

  1. Compute inner hash: $h(k_I \| x)$ — hash the inner key concatenated with the message
  2. Compute outer hash: $h(k_O \| \text{inner hash})$ — hash the outer key with the inner result
  3. Optionally truncate to 96 bits (e.g., HMAC-96)

Key properties:

  • Key $k'$ can be up to 512 bits
  • Only SHA-2 and SHA-3 are approved by BSI as the underlying hash function
  • Widely used in TLS, IPSec, SSH, WireGuard
  • Truncation to 96 bits is a known (minor) weakness but not mandatory

Tip: The seemingly arbitrary constants 0x36 and 0x5C aren't explained in the RFC — their purpose is simply to produce two sufficiently different keys from one master key.

Go deeper:

From Quiz: KRYPTOG / One-Way and Hash Functions | Updated: Jul 14, 2026