In cryptography, an initialization vector (IV) is a block of bits that, together with the key, starts a stream cipher or a block cipher in one of the streaming modes of operation (CTR, CFB, OFB, CBC, GCM and the like), so that each message produces a keystream or ciphertext independent of that of every other message encrypted under the same key, without having to go through a re-keying process. The IV need not be secret, but it must never be used twice with the same key; in some modes (notably CBC) it must also be unpredictable to an attacker.
The size of the IV depends on the encryption algorithm and on the cryptographic protocol in use; it is typically the block size of the cipher (for example 128 bits for AES in CBC mode) or a fixed nonce length chosen by the mode (96 bits for GCM), and may be as large as the encryption key. The IV must be known to the recipient of the encrypted information to be able to decrypt it. This can be ensured in a number of ways: by transmitting the IV along with the packet, by agreeing on it beforehand during the key exchange or the handshake, by deriving it from values both sides already know, or by building it from parameters such as the current time, the sender's or recipient's address or ID, a file ID, or the packet, sector or cluster number. Several such variables may be combined or hashed together depending on the protocol. If the IV is chosen at random, the designer should consider the probability of collisions: for a b-bit IV, two of n messages share an IV with probability of roughly n^2 / 2^(b+1) (the birthday bound), which sets a limit on the number of messages per key. If an incremental IV (a counter) is used as a nonce, the counter state must survive restarts so that it never repeats, and the mode's resistance to related-IV attacks (consecutive or otherwise predictable IVs) should also be considered.
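The following added example (not code from the original text) shows why the uniqueness requirement above matters. It uses a counter-mode keystream whose block function is HMAC-SHA256, an assumed stand-in for a real block cipher such as AES in CTR mode, chosen so the example runs on the Python standard library alone. The key and the two messages are constructed sample data. Because the keystream is a deterministic function of (key, IV), encrypting two messages under the same IV lets an eavesdropper who knows one plaintext recover the other without the key; a per-key counter or a random IV with a bounded message count avoids the repeat.

```python
import hashlib
import hmac
import os
import struct


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = PRF(key, iv || i), PRF = HMAC-SHA256.

    Stand-in for a block cipher in CTR mode (assumption: HMAC-SHA256 plays
    the role of AES so the example needs no third-party library). The
    property that matters is the same: keystream is a function of (key, iv).
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream(key, iv)."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def recover_from_iv_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Attacker's view when two ciphertexts share (key, iv):
    c1 XOR c2 == p1 XOR p2, so a known p1 reveals p2 without the key."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


class CounterIv:
    """Incremental 96-bit IV: unique for 2**96 messages under one key.
    The counter must be persisted alongside the key; restarting it from
    zero after a crash would repeat IVs and reopen the attack above."""

    def __init__(self, start: int = 0) -> None:
        self.n = start

    def next(self) -> bytes:
        if self.n >= 1 << 96:
            raise RuntimeError("IV space exhausted; rekey")
        iv = self.n.to_bytes(12, "big")
        self.n += 1
        return iv


def random_iv() -> bytes:
    """Random 96-bit IV. Two of n such IVs collide with probability about
    n**2 / 2**97, so cap messages per key (e.g. 2**32) before rekeying."""
    return os.urandom(12)


if __name__ == "__main__":
    key = os.urandom(32)                       # constructed sample key
    p1 = b"PAY 0100 TO ALICE"                  # constructed sample messages
    p2 = b"PAY 9999 TO MALLY"

    # Wrong: the same IV twice under one key.
    iv = random_iv()
    c1, c2 = encrypt(key, iv, p1), encrypt(key, iv, p2)
    print(recover_from_iv_reuse(c1, c2, p1))   # b'PAY 9999 TO MALLY'

    # Right: a fresh IV per message, sent in the clear next to the ciphertext.
    ivs = CounterIv()
    c1, c2 = encrypt(key, ivs.next(), p1), encrypt(key, ivs.next(), p2)
    print(xor_bytes(c1, c2) == xor_bytes(p1, p2))   # False
```

The leak does not depend on the quality of the cipher: any stream mode with a repeated (key, IV) pair yields the same keystream, and XORing the two ciphertexts cancels it out.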
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will almost certainly change the hash value. In many contexts, especially telecommunications, the data to be hashed is called the "message," and the hash value is called the message digest or digest.
An ideal hash function has the following properties: (i) it is easy to compute for any given data; (ii) it is infeasible to construct a message that has a given hash (preimage resistance); (iii) it is infeasible to modify a given message without changing its hash, that is, to find a second message with the same hash as a given one (second-preimage resistance); and (iv) it is infeasible to find any two different messages with the same hash (collision resistance). For an n-bit output the best generic attacks cost about 2^n work for (ii) and (iii) but only about 2^(n/2) for (iv), because of the birthday paradox.
Cryptographic hash functions have many applications, such as message integrity checks, digital signatures, authentication, and various information security applications. Their hash values can also be used as fingerprints for detecting duplicate data files, file version changes, and similar applications, or as checksums to guard against accidental data corruption.
In various standards and applications, commonly used hash functions include MD5, SHA-1, and SHA-256. Of these, only SHA-256 (and the rest of the SHA-2 and SHA-3 families) should be used in new designs: practical collision attacks exist for both MD5 and SHA-1, so neither offers collision resistance, although their preimage resistance is not known to be broken.
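An added example (not from the original text) that makes properties (iii) and (iv) above concrete with SHA-256 from the standard library. The first function measures the avalanche effect: flipping one input bit changes roughly half of the 256 digest bits, so digests of related messages are unrelated. The second runs a birthday search against a digest truncated to a small number of bits, which succeeds after about 2^(bits/2) hashes; the same search against the full 256-bit digest would need about 2^128 hashes, which is what "collision resistant" means in practice. The inputs are constructed.

```python
import hashlib
from typing import Optional, Tuple


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg: bytes) -> int:
    """Flip the lowest bit of the first byte of msg and count how many of the
    256 digest bits change. For a good hash the count is near 128."""
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    return bit_difference(sha256(msg), sha256(flipped))


def leading_bits(digest: bytes, nbits: int) -> int:
    """The first nbits bits of a digest as an integer."""
    nbytes = (nbits + 7) // 8
    return int.from_bytes(digest[:nbytes], "big") >> (8 * nbytes - nbits)


def find_truncated_collision(nbits: int, limit: int = 1 << 22) -> Optional[Tuple[bytes, bytes]]:
    """Birthday search: two distinct inputs whose SHA-256 digests agree on
    their first nbits bits. Expected cost is about 2**(nbits/2) hashes, so a
    digest (or MAC tag) truncated to t bits keeps only t/2 bits of collision
    resistance. Returns (m1, m2), or None if limit hashes did not suffice."""
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i                       # constructed inputs
        prefix = leading_bits(sha256(m), nbits)
        if prefix in seen:
            return seen[prefix], m
        seen[prefix] = m
    return None


if __name__ == "__main__":
    print(avalanche(b"The quick brown fox"))   # close to 128
    m1, m2 = find_truncated_collision(24)      # ~5,000 hashes on average
    print(m1, m2, sha256(m1)[:3].hex(), sha256(m2)[:3].hex())
```

Raising `nbits` by two roughly doubles the expected search time; at 64 bits the search is already beyond a laptop, and at 256 bits it is beyond everyone, which is why truncating digests or tags too aggressively throws that margin away.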
A cryptographic message authentication code (MAC) is information used to authenticate a message. A MAC algorithm may accept as input a secret key and an arbitrary-length message to be authenticated, and output a MAC (tag). The MAC value protects both a message's data integrity as well as its authenticity by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
A message integrity code (MIC) is frequently used as a substitute term for MAC, especially in communications, where the MAC acronym is traditionally used for Media Access Control. In certain contexts, however, MIC is a distinctly different term from MAC in that no secret key is used in computing a MIC: it is simply a hash or checksum of the message. A given message therefore always produces the same MIC under the same algorithm, and anyone, including an attacker who alters the message, can recompute it, so a MIC must itself be protected (for example encrypted or signed) in transit if it is to be a reliable gauge of message integrity. A MAC, by contrast, can only be reproduced by a party holding the same secret key (and, for nonce-based MACs such as GMAC or Poly1305, using the same nonce), so a MAC does not need to be encrypted to provide its assurance of integrity and authenticity.
While MAC functions are similar to cryptographic hash functions, they have different security requirements. To be considered secure, a MAC function should resist existential forgery under chosen-message attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot produce a valid tag for any message not previously submitted to the oracle without doing an infeasible amount of computation. A corollary is that a MAC must not be accepted on the basis of a partial match: verifiers should compare the full expected tag with the received tag in constant time, since a byte-by-byte early-exit comparison leaks, through timing, how much of a guessed tag was correct.
MACs differ from digital signatures in that MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on keys before initiating communications, as is the case with symmetric encryption. For the same reason, MACs do not provide the non-repudiation offered by signatures: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of an asymmetric key pair and verified with the corresponding public key. Since the private key is accessible only to its holder, a digital signature demonstrates that a document was signed by none other than that holder (assuming the private key has not been compromised). Thus, digital signatures do offer non-repudiation.
MAC algorithms can be constructed from other cryptographic primitives, such as cryptographic hash functions (as in the case of HMAC) or block cipher algorithms (OMAC/CMAC, CBC-MAC and PMAC). Other MAC algorithms, such as UMAC, Poly1305 and GMAC, are constructed from universal hashing combined with a keyed primitive, and these typically require a fresh nonce per message.
A keyed-Hash Message Authentication Code (HMAC or KHMAC) is a type of MAC calculated using a specific construction that combines a cryptographic hash function H with a secret key K: HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m)), where K' is the key padded with zeros to the hash function's block size (or first hashed, if it is longer than a block), ipad is the byte 0x36 repeated and opad is the byte 0x5C repeated. The nested structure is what prevents the length-extension attacks that make the naive construction H(K || m) insecure for Merkle-Damgård hashes. As with any MAC, HMAC may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, such as MD5, SHA-1 or SHA-256, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5, HMAC-SHA1 or HMAC-SHA256 accordingly. The cryptographic strength of the HMAC depends on the cryptographic strength of the underlying hash function, the size and quality of the key, and the size of the hash output in bits. HMAC does not rely on collision resistance, so HMAC-MD5 and HMAC-SHA1 are not broken by the known collision attacks on their hash functions, but new designs should use SHA-2 or SHA-3 based variants.
An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, MD5, SHA-1 and SHA-256 operate on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (128, 160 or 256 bits in the case of MD5, SHA-1 or SHA-256, respectively), although it can be truncated if desired. Truncating the tag to t bits reduces the security of the MAC: an attacker can then forge a tag by guessing with probability 2^-t per attempt, and the tag's collision resistance drops to about 2^(t/2) by the birthday bound. RFC 2104 recommends keeping at least half of the hash output and never fewer than 80 bits.
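An added example, not code from the original text, that implements the HMAC construction described above directly from its definition using only the Python standard library, checks it against the library's own `hmac` module, and shows a verifier that applies the truncation floor and compares tags in constant time. The key and messages are constructed; the minimum tag length follows the RFC 2104 guidance quoted above (half the digest, and at least 80 bits), which is the one assumption beyond the construction itself.

```python
import hashlib
import hmac
from typing import Optional


def hmac_from_definition(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), per RFC 2104.

    K' is the key hashed down if it exceeds the block size, then zero-padded
    to the block size (64 bytes for MD5, SHA-1 and SHA-256)."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-written construction against hmac.new()."""
    return hmac_from_definition(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


def min_tag_length(hash_name: str) -> int:
    """RFC 2104 section 5 floor: at least half the digest and at least 80 bits."""
    return max(10, hashlib.new(hash_name).digest_size // 2)


def tag(key: bytes, message: bytes, hash_name: str = "sha256", tlen: Optional[int] = None) -> bytes:
    """Compute a tag, optionally truncated to tlen bytes (never below the floor)."""
    full = hmac.new(key, message, hash_name).digest()
    if tlen is None:
        return full
    if not min_tag_length(hash_name) <= tlen <= len(full):
        raise ValueError("tag length %d outside RFC 2104 guidance" % tlen)
    return full[:tlen]


def verify(key: bytes, message: bytes, received: bytes, hash_name: str = "sha256") -> bool:
    """Accept only tags of an allowed length, and compare in constant time.

    A plain == stops at the first mismatching byte, leaking how much of a
    guessed tag was right; hmac.compare_digest does not."""
    full = hmac.new(key, message, hash_name).digest()
    if not min_tag_length(hash_name) <= len(received) <= len(full):
        return False
    return hmac.compare_digest(full[:len(received)], received)


if __name__ == "__main__":
    key = b"constructed example key"
    msg = b"transfer 100 to alice"
    print(matches_stdlib(key, msg))            # True
    t = tag(key, msg, tlen=16)                 # 128-bit tag from HMAC-SHA256
    print(verify(key, msg, t))                 # True
    print(verify(key, msg + b"0", t))          # False: message altered
    print(verify(key, msg, t[:4]))             # False: tag too short to accept
```

The length check in `verify` matters as much as the constant-time comparison: without it, an attacker who can send a 1-byte tag gets a 1-in-256 forgery chance per attempt regardless of how strong the full HMAC is.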