In previous posts we covered the state of the art cryptanalysis results on the RSA mechanisms, hash functions, block ciphers and block cipher modes available in PKCS#11. In this post we look at the message authentication code (MAC) mechanisms available.
Return of the MAC
There are essentially two ways to produce a MAC from a message and a shared secret: one is to use a block cipher in an appropriate MAC mode, the other is to used a keyed hash function (HMAC). During the 1990s, it was hard for US-based companies to export technology containing strong block ciphers, and the state of the art block ciphers were a lot slower than the widely used hash functions. Hence the HMAC construction became very popular.