Quiz Entry - updated: 2026.07.14
Why is HMAC called "the Swiss Army Knife of Crypto"?
Because HMAC is used far beyond just message authentication — it serves as a MAC, PRF, key derivation function, and appears in virtually every major security protocol.
* One primitive, many jobs — MAC, PRF, key derivation, and the workhorse inside TLS, SSH, IPsec and WireGuard. *
HMAC's roles:
- MAC: Its original purpose — message integrity and authentication
- PRF (Pseudo-Random Function): Proven secure as a PRF, used in TLS for key expansion
- Key derivation (HKDF): HMAC-based Key Derivation Function, standardized
- Used in protocols: TLS 1.3, SSH, IPSec, WireGuard, KEMTLS
It's standardized, provably secure, versatile, and universally deployed. This versatility is why researchers at ETHZ and NIST compare it to a Swiss Army Knife.
Note: Current usage doesn't always match the original theoretical framework — HMAC is used in many contexts beyond what was originally proven, but it has held up remarkably well in practice.
Go deeper:
HKDF (Wikipedia) — the HMAC-based key-derivation function used in TLS 1.3 and Signal.
"Thriving between theory and practice" — Backendal & Haller (NIST Crypto Reading Club, 2024) — the talk that dubbed HMAC "the Swiss Army knife of crypto."