Visible to Intel only — GUID: GUID-6042B808-2577-432B-A416-3164F141F8AD
Visible to Intel only — GUID: GUID-6042B808-2577-432B-A416-3164F141F8AD
Hash and MAC Algorithms
Hash algorithms are used to take a large message and produce a unique short digest of it.
With a cryptographically strong hash function:
- Different data (usually) maps into different digest values.
- It is hard to find two different data sets that will produce the same hash value.
- It is hard to modify the data without changing the hash.
- It is hard to find data that will produce a given hash except by brute force.
Hashing provides a way to make sure that two messages are equal with a high level of confidence without the need to read the entire message. Only the digest of a message is signed for efficiency. It also allows ensuring that a received message was not changed after it was transmitted by the sender. Only the digest of a message is signed for efficiency.
Intel® DAL supports the one-way hashes:
- SHA-1
- SHA-256
- SHA-512
Message Authentication Code (MAC) algorithms are a sort of keyed hash. They take a message and a secret shared key and provide an output that can be authenticated by the other party to the key. The advantage of MAC algorithms is that they are very very fast and can usually be easily offloaded to the hardware. The disadvantages are that the hashed data cannot be retrieved and there is still a requirement for symmetric keys.
Intel DAL supports the symmetric signature algorithms (keyed hashes):
- HMAC-SHA1
- HMAC-SHA256
- HMAC-SHA512
For more information, see: Secure Hash Standard (PDF)
The practical encryption solution is a hybrid of the available methods:
- Use public key encryption and hash algorithms to provide secure and authenticated key exchange of (usually) random symmetric keys.
- Use encryption keys with symmetric-key encryption algorithms to encrypt the data within a secure session.
- Use signing keys with MAC algorithms to sign data to provide authenticity and data integrity.
Supported from API level 1