Developer Guide

  • 10/27/2020
  • Public Content
Contents

Hash and MAC Algorithms

Hash algorithms are used to take a large message and produce a unique short digest of it.
With a cryptographically strong hash function:
  • Different data (usually) maps into different digest values.
  • It is hard to find two different data sets that will produce the same hash value.
  • It is hard to modify the data without changing the hash.
  • It is hard to find data that will produce a given hash except by brute force.
Hashing provides a way to make sure that two messages are equal with a high level of confidence without the need to read the entire message. Only the digest of a message is signed for efficiency. It also allows ensuring that a received message was not changed after it was transmitted by the sender. Only the digest of a message is signed for efficiency.
Intel® DAL supports the one-way hashes:
  • SHA-1
  • SHA-256
  • SHA-512
Message Authentication Code (MAC) algorithms are a sort of keyed hash. They take a message and a secret shared key and provide an output that can be authenticated by the other party to the key. The advantage of MAC algorithms is that they are very very fast and can usually be easily offloaded to the hardware. The disadvantages are that the hashed data cannot be retrieved and there is still a requirement for symmetric keys.
Intel DAL supports the symmetric signature algorithms (keyed hashes):
  • HMAC-SHA1
  • HMAC-SHA256
  • HMAC-SHA512
For more information, see: Secure Hash Standard (PDF)
The practical encryption solution is a hybrid of the available methods:
  • Use public key encryption and hash algorithms to provide secure and authenticated key exchange of (usually) random symmetric keys.
  • Use encryption keys with symmetric-key encryption algorithms to encrypt the data within a secure session.
  • Use signing keys with MAC algorithms to sign data to provide authenticity and data integrity.
Supported from API level 1

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804