What is a 'Message Authentication Code - MAC'

A message authentication code (MAC), or tag, is a security code that is typed in by the user of a computer to access accounts or portals. This code is attached to the message or request sent by the user. Message authentication codes (MACs) attached to the message must be recognized by the receiving system in order to grant the user access.

BREAKING DOWN 'Message Authentication Code - MAC'

Message authentication codes (MACs) are commonly used in electronic funds transfers (EFTs) to maintain information integrity. They confirm that a message is authentic; that it really does come, in other words, from the stated sender, and hasn’t undergone any changes en route. A verifier who also possesses the key can use it to identify changes to the content of the message in question.

Message authentication codes are usually required to access any kind of financial account. Banks, brokerage firms, trust companies and any other deposit, investment or insurance company that offers online access can employ these codes. They are a vital component of financial cryptography.

Algorithms Used to Generate MACs

Three algorithms typically comprise a MAC: a key generation algorithm, a signing algorithm, and a verifying algorithm. The key generation algorithm chooses a key at random. The signing algorithm sends a tag when given the key and the message. The verifying algorithm is used to verify the authenticity of the message when given the key and tag; it will return a message of accepted if the message and tag are authentic and unaltered, but otherwise, it will return a message of rejected.

For example, the sender sends a message, such as an EFT, through the MAC algorithm, which generates a key and attaches a MAC data tag to the message. The recipient gets the message, runs it back through the MAC algorithm with the same key, and gets a second data tag. He or she will then compare this MAC data tag to the first one attached to the message when it was transmitted. If the code is the same at both ends, the recipient can safely assume that the data integrity of the message is intact. If not, however, it means that the message was altered, tampered with, or forged.

However, the message itself should contain some data that ensures that this message can only be sent once. For example, a one-time MAC, timestamp, or sequence number could be used to guarantee that the message can only be sent once. Otherwise, the system could be vulnerable to a replay attack, in which an attacker intercepts the message after it has been decoded and retransmits it at a later time, replicating the original results and infiltrating the system.

Message Integrity Codes (MICs)

Sometimes, the term message integrity code (MIC) will be used instead of MAC. This is most often done in the communications industry, where MAC traditionally means media access control address (MAC address). However, MIC can also be used to refer to message digest, which does not use secret keys in the same manner as a MAC, and cannot offer the same level of security without further encryption.

  1. Authorization Code

    An authorization code is an alphanumeric password that that identifies ...
  2. Standard Industrial Classification ...

    Standard Industrial Classification codes are four-digit codes ...
  3. Third-Party Technique

    A marketing strategy in which a company employs outside individuals ...
  4. ISO Currency Code

    Three-letter alphabetic codes that represent the various currencies ...
  5. Big Mac PPP

    Big Mac PPP is a survey done by The Economist that examines the ...
  6. Commercial Code

    Private and public laws that regulated how commerce is to be ...
Related Articles
  1. Tech

    Blockchain Technology Could Revolutionize In-Message Payments

    Consumers want to have secure and private messaging, and they want to be able to send payments to other consumers seamlessly.
  2. Investing

    Can Japan's Stewardship Code Turn Passive Funds Into Active Managers?

    Institutional investors in Japan have been criticized for being too cozy with corporates. Can a code force them to focus on the needs of beneficiaries?
  3. Tech

    The Highest-Rating, Best-Selling Online Security Apps

    Online security apps are a big deal in this post-Snowden world. Here is a look at five of the highest-rated, best-selling secure messaging apps available.
  4. Tech

    Alphabet to Launch 'Android Messages' to Challenge iMessage, FB Messenger

    After a slow start, Alphabet wants a big bite of the mobile messaging business
  5. Investing

    Facebook Creates Messaging App for Teens: Report

    Facebook is reportedly gearing up to launch a messaging app for young teens dubbed Talk.
  6. Taxes

    Why The Complex U.S. Tax Code Won't Be Simplified

    The tax code is 5296 pages long, and it still hasn't been abridged by Congress. Find out why.
  7. Insights

    SIC Vs. NAIC -An Introduction To Industry Classification Codes

    Standard Industrial Classification (SIC) Codes and the more recent NAICS codes are crucial to classifying data to measure industrial growth.
  8. Small Business

    How WhatsApp Is Killing SMS Texting

    With nearly 1 billion users, WhatsApp is killing off cell phone carrier-based SMS texting. But how will it make money and remain dominant into the future?
  9. Investing

    5 New Phishing Scams To Watch Out For

    These five scams may seem transparent, but thousands of people fall for them annually.
  1. How do I use an online security token?

    Learn about the most popular kinds of authentication tokens, what differentiates them and how to use them to protect your ... Read Answer >>
  2. What is the justification for allowing deferred tax liabilities?

    Understand the justification for allowing deferred tax liabilities. Learn the reasoning behind why a company would want to ... Read Answer >>
Trading Center