This page uses content from Wikipedia and is licensed under CC BY-SA.

Message authentication

In information security, message authentication or data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message.[1] Message authentication does not necessarily include the property of non-repudiation.[2][3]

Message authentication is typically achieved by using message authentication codes (MACs), authenticated encryption (AE) or digital signatures.[2]

Some cryptographers distinguish between "message authentication without secrecy" systems -- which allow the intended receiver to verify the source of the message, but don't bother hiding the plaintext contents of the message -- from authenticated encryption systems.[4] Some cryptographers have researched subliminal channel systems that send messages that appear to use a "message authentication without secrecy" system, but in fact also transmit a secret message.

See also


  1. ^ Mihir Bellare. "Chapter 7: Message Authentication" (PDF). CSE 207: Modern Cryptography. Lecture notes for cryptography course. 
  2. ^ a b Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. "Chapter 9 - Hash Functions and Data Integrity" (PDF). Handbook of Applied Cryptography. p. 361. 
  3. ^ "Data Origin Authentication". Web Service Security. Microsoft Developer Network. 
  4. ^ G. Longo, M. Marchi, A. Sgarro "Geometries, Codes and Cryptography". p. 188.