HMAC Generator
Generate secure HMAC authentication codes with multiple hash algorithms
The secret key used for HMAC generation. Keep this confidential!
* SHA-1 is considered insecure. ** MD5 is cryptographically broken and should only be used for legacy compatibility. Use SHA-256 or SHA-512 for new applications.
Result
About HMAC
HMAC (Hash-based Message Authentication Code) is a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, such as MD5, SHA-1, SHA-256, SHA3, and RIPEMD-160, in combination with a secret shared key.
The cryptographic strength of HMAC depends on the properties of the underlying hash function. HMAC is used for data integrity and authentication in many security protocols and applications, including TLS, IPsec, SSH, and various API authentication schemes.
Supported HMAC Algorithms
This tool supports 10 hash algorithms for HMAC: SHA-256 (recommended), SHA-512, SHA-384, SHA-224, SHA3-256, SHA3-384, SHA3-512 for modern secure applications; RIPEMD-160 for Bitcoin and cryptocurrency applications; SHA-1 (legacy, not recommended for security); and MD5 (legacy only, cryptographically broken). HMAC is calculated using the formula: HMAC(K, m) = H((K' ⊕ opad) || H((K' ⊕ ipad) || m)).
Common Use Cases
Security Considerations
The security of HMAC depends on the secrecy of the key and the cryptographic strength of the underlying hash function. Recommended: Use SHA-256, SHA-512, or SHA3 variants for new applications. Avoid: MD5 (broken) and SHA-1 (weak) for security-critical applications. RIPEMD-160: Still used in Bitcoin but consider newer algorithms for new projects. The key should be at least as long as the hash output size and generated using a cryptographically secure random number generator.
Example
Message: "Hello, World!"
Secret Key: "secret-key-2025"
Algorithm: HMAC-SHA256
Output:
e4d7f1b4c4e5a8d3e...