# What are HMACs?

### Introduction to HMACs

An **HMAC** (keyed-hash message authentication code) is a type of **message authentication code (MAC)** that uses:

* A **hash function** (e.g., SHA-256), and
* A **secret key** shared between two parties.

The purpose of an HMAC is to ensure that a message is both **authentic** (it came from the expected sender) and **intact** (it hasn’t been tampered with).

👉 **In simpler terms:** An HMAC is like a digital stamp that proves “this message really came from me, and no one altered it.”

***

### How HMACs Work

* HMACs rely on a **symmetric shared secret**. Both parties must agree on this secret key before communication begins.
* Every message is accompanied by an HMAC, which the receiver can check using the same secret key.
* The message itself may or may not be encrypted—but its authenticity and integrity can still be verified.

For example: if the hash function used is SHA-256, the code would be called **HMAC-SHA-256**.

👉 **In simpler terms:** Think of two people agreeing on a secret handshake before they meet. Each time they send a message, they include the handshake. If the handshake checks out, the receiver knows the message is genuine.

***

### The Problem with HMACs

The biggest weakness of HMACs is the **shared secret** itself.

* If an attacker intercepts or discovers the key, they can impersonate one of the parties.
* This makes it possible to launch a **man-in-the-middle attack**, where the attacker secretly relays and even changes communications.
* As with PKI, this vulnerability can enable ransomware, malware injection, or sensitive data theft.

👉 **In simpler terms:** If someone learns the secret handshake, they can pretend to be you.
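The tag-and-verify flow from "How HMACs Work" and the shared-secret limitation from this section, shown as an added Python example that is not part of the original page. The key, messages and function names are constructed for illustration; `hmac_sha256_manual` goes slightly beyond the text by following the RFC 2104 definition to show how the key and the hash function are combined.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 written out from the RFC 2104 definition."""
    if len(key) > BLOCK_SIZE:            # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to the block size
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(inner_pad + message).digest()
    return hashlib.sha256(outer_pad + inner).digest()


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the HMAC-SHA-256 tag sent with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)        # constructed shared secret
    message = b"transfer 10 to alice"    # constructed sample message
    tag = make_tag(key, message)
    other = b"transfer 99 to alice"
    return {
        "matches_rfc2104": tag == hmac_sha256_manual(key, message),
        "genuine_accepted": verify(key, message, tag),
        "tampered_accepted": verify(key, other, tag),
        "wrong_key_accepted": verify(secrets.token_bytes(32), message, tag),
        # A valid tag proves only that *someone holding the key* made it:
        # the receiver cannot tell which key holder that was.
        "any_key_holder_accepted": verify(key, other, make_tag(key, other)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last entry is why key storage, rotation and per-peer keys matter: verification cannot distinguish one holder of the secret from another.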

***

### Why This Matters for Our Discussion

HMACs highlight a common trade-off in cryptography:

* They’re **simpler and faster** than PKI’s digital signature systems.
* But they also suffer from **trust problems** because both parties must share—and protect—a single secret key.

BSV avoids these pitfalls by anchoring security in **hash functions, UTXOs, and on-chain digital signatures**. Instead of trusting hidden secrets, authenticity and integrity are **provable and auditable on the blockchain**.

👉 **Key takeaway:** HMACs show how hashing can secure communications, but they also expose the risks of secret-sharing. BSV solves these risks by building security on transparent, verifiable, and scalable mechanisms instead.


