HMAC-SHA256
The right way to authenticate a message with a shared secret. AWS V4 signatures, Stripe webhooks, JWT HS256: all HMAC-SHA256 underneath.
By Deepak Gupta ·
HMAC (Hash-based Message Authentication Code) is the canonical way to combine a secret key and an arbitrary message into an authentication tag. The construction is intentionally simple: `HMAC(k, m) = H((k ⊕ opad) || H((k ⊕ ipad) || m))`. The double-hash with two padded keys neutralizes length-extension attacks on the underlying hash, which is why you never want to roll your own `H(key || message)`: that pattern *is* exploitable on SHA-2. HMAC-SHA256 is the default for new API signing schemes (AWS V4, Stripe webhooks, GitHub webhooks, JWT HS256). If you're picking between HMAC-SHA256 and Poly1305 / GMAC / BLAKE3-keyed, HMAC-SHA256 is the safest interoperable choice; the others are faster but harder to glue into existing ecosystems.
Recommended uses
- ·API request signing (AWS-V4-style)
- ·Webhook payload verification
- ·JWT HS256 / HS512 signing
- ·Anywhere you need MAC semantics over an existing hash
Known attacks / caveats
- ·None practical against HMAC-SHA256.
Designed by
Bellare, Canetti, Krawczyk, published 1996.