Skip to main content
{{cartCount}} Cart

ISO/IEC 9797-2:2011

Withdrawn Date published:

Warning: Withdrawn Standard. This document has been withdrawn without replacement. You may wish to search for a more up to date equivalent.

Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function

Message Authentication Code (MAC) algorithms are data integrity mechanisms that compute a short string (the Message Authentication Code or MAC) as a complex function of every bit of the data and of a secret key. Their main security property is unforgeability: someone who does not know the secret key should not be able to predict the MAC on any new data string.

MAC algorithms can be used to provide data integrity. Their purpose is the detection of any unauthorized modification of the data such as deletion, insertion, or transportation of items within data. This includes both malicious and accidental modifications. MAC algorithms can also provide data origin authentication. This means that they can provide assurance that a message has been originated by an entity in possession of a specific secret key.

ISO/IEC 9797-2:2011 specifies three MAC algorithms that are based on a dedicated hash-function (selected from ISO/IEC 10118-3).

ISO/IEC 9797-2:2011 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC.

The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the length (in bits) n of the hash-function and its strength, on the length (in bits) m of the MAC, and on the specific mechanism.

The first mechanism specified in ISO/IEC 9797-2:2011 is commonly known as MDx-MAC. It calls the complete hash-function once, but it makes a small modification to the round-function by adding a key to the additive constants in the round-function. The second mechanism specified in ISO/IEC 9797-2:2011 is commonly known as HMAC. It calls the complete hash-function twice. The third mechanism specified in ISO/IEC 9797-2:2011 is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers a higher performance for applications that work with short input strings only.

Get this standard Prices exclude GST
HardCopy
$152.17 NZD
Networkable PDF
Price varies
view preview view preview
Preview only close
Prev {{ page }}/ {{ numPages }} Next
Preview only close
Prev {{ page }}/ {{ numPages }} Next
Pages: 39

Previous versions

Keep me up-to-date

Sign up to receive updates when there are changes to this standard

Related Information

Similar Standards

  • AS/NZS ISO/IEC 27001:2023

    Information security, cybersecurity and privacy protection – Information security management systems – Requirements

  • AS/NZS ISO/IEC 27001:2023 A1

    Information security, cybersecurity and privacy protection - Privacy enhancing data de-identification framework

  • AS/NZS ISO/IEC 27002:2022

    Information security, cybersecurity and privacy protection — Information security controls

  • AS/NZS ISO/IEC 27011:2025

    Information security, cybersecurity and privacy protection – Information security controls based on ISO/IEC 27002 for telecommunications organizations

view preview view preview
Preview only close
Prev {{ page }}/ {{ numPages }} Next
Preview only close
Prev {{ page }}/ {{ numPages }} Next
Pages: 39

Previous versions

ISO/IEC 9797-2:2011

Get this standard Prices exclude GST
HardCopy
$152.17 NZD
Networkable PDF
Price varies

Request to add this standard to your subscription

ISO/IEC 9797-2:2011

Price varies
Online library subscription

Your organisation’s Account Administrator must approve a request to add a standard to your subscription.

You may add a comment to the administrator below.

Cancel