A message authentication code (abbreviated MAC), used in symmetric cryptography, is attached to a message so that a recipient can verify that it wasn’t tampered with during transmission. This is also known as a MAC tag.
To create a MAC for a cryptographic message, the initial sender uses a generic algorithm (called a MAC algorithm) or set of algorithms to produce the MAC and an encryption key. The recipient also passes the received message through the same MAC algorithm. If they generate the same code as the one that came with the message, they can assume the message comes from a legitimate sender and hasn’t been changed in transit.
Before beginning the MAC sequence, the sender and receiver must have established an encryption key as part of verifying the MAC. One drawback to codes or tags for security is that the sender cannot verify that they were the first one to send a MAC with a message, because both sender and receiver use the same MAC algorithm and secret key. Thus, no one can prove who sent the message first. The ability to prove who owns an initial message is known as non-repudiation, and MAC algorithms don’t permit it. Digital signatures, in contrast, allow the sender to show that they sent a message because they used a private key that only they possess.
MACs should be able to indicate that the sent message can only be transmitted one time, eliminating the chance of a replay attack (in which an attacker resends a message to a recipient).
MACs are often used in the finance industry for added authentication in security practices. Large transactions of money and bank communications might use MACs if they are encrypted transmissions.