However, if no match exists, the message was altered.
In Figure 8-13, someone is trying to send Terry Smith a check for $100. At the remote end,
Alex Jones is trying to cash the check for $1000. As the check progressed through the
Internet, it was altered. Both the recipient and dollar amounts were changed. In this case, if
a data integrity algorithm were used, the hashes would not match, and the transaction would
no longer be valid.
Figure 8-13 Guarding Against Data Modifications
[Figure: the check sent as "Pay to Terry Smith $100.00" (hash 4ehIDx67NMop9) arrives over the Internet as "Pay to Alex Jones $1000.00" (hash 12ehqPx67NMoX). Match = No Changes; No Match = Alterations.]
312 Chapter 8: Extending the Network into the WAN
Keyed Hash-based Message Authentication Code (HMAC) is a data integrity algorithm that
guarantees the integrity of the message. At the local end, the message and a shared secret
key are sent through a hash algorithm, which produces a hash value. The message and hash
are sent over the network.
The two common HMAC algorithms are as follows:
- HMAC-message digest algorithm 5 (MD5): Uses a 128-bit shared secret key.
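The check scenario from Figure 8-13, worked through as an added example (not code from the book): the receiver recomputes the HMAC with the shared key and rejects the altered check, while an unkeyed hash offers no such protection because anyone on the path can recompute it. The key, function names, and the default of SHA-256 as the underlying hash are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed sample data modelled on Figure 8-13; the key is a placeholder.
SHARED_KEY = b"constructed-demo-key"   # known only to sender and receiver
ORIGINAL = b"Pay to Terry Smith $100.00"
ALTERED = b"Pay to Alex Jones $1000.00"


def send(message: bytes, key: bytes, digest: str = "sha256") -> tuple[bytes, bytes]:
    """Local end: run message and shared key through the hash, send both."""
    return message, hmac.new(key, message, digest).digest()


def verify(message: bytes, tag: bytes, key: bytes, digest: str = "sha256") -> bool:
    """Remote end: recompute the HMAC and compare in constant time."""
    expected = hmac.new(key, message, digest).digest()
    return hmac.compare_digest(expected, tag)


def plain_hash_check(message: bytes, value: bytes) -> bool:
    """Unkeyed integrity check, shown only for contrast with HMAC."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), value)


def demo() -> dict[str, bool]:
    message, tag = send(ORIGINAL, SHARED_KEY)
    # A party without the shared key can only produce a tag under some other key.
    _, forged_tag = send(ALTERED, b"not-the-shared-key")
    return {
        # Unmodified message and tag: match, no changes.
        "intact": verify(message, tag, SHARED_KEY),
        # Message altered in transit, original tag kept: no match.
        "altered_old_tag": verify(ALTERED, tag, SHARED_KEY),
        # Altered message with a tag made under the wrong key: no match.
        "altered_forged_tag": verify(ALTERED, forged_tag, SHARED_KEY),
        # Unkeyed hash replaced along with the message: the check still
        # passes, which is why the shared secret key is required.
        "unkeyed_recomputed": plain_hash_check(
            ALTERED, hashlib.sha256(ALTERED).digest()
        ),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```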