How is HMAC SHA-256 different from SHA256?
Is there anything different about how secure these two hashing algorithms are? Does HMAC "fuse" the data and the key in a special way that's more security-aware?
HMAC SHA256 vs SHA256
There's actually a very big problem with SHA256(key||data): SHA-256, along with SHA-512, SHA-1, MD5, and all other hashes using the Merkle–Damgård construction, is vulnerable to a length extension attack: given H(x), it's very simple to find H(x||y), even if you only know the length of x, because of how the construction works.
(Essentially, the construction works like this: You have a variable state that starts at some fixed value specified in the algorithm. You split the input to the hash function into blocks of size specified in the algorithm (padding the last block if it's too short), and for each block, you use the current block and the current state to compute the new state using some special function specified in the algorithm. The value of state after processing the last block is the hash value. With any function using this construction, if you have the length of x, you can compute the padding p used. Then if you have H(x), you have the state after processing every block of x||p, which means you can proceed from there to compute H(x||p||y)). That means that an attacker who knows the length of your MAC key and knows a particular value of SHA256(key||data) can easily compute SHA256(key||data||other data) for some given other data. They can choose most of the other data, but even if they couldn't, it's a fatal flaw in a MAC scheme if an attacker without the key can forge any MAC-data pair from other legitimate MAC-data pairs. Incidentally, SHA256(data||key), while not vulnerable to length extension, is vulnerable to collisions in SHA256, which can also produce collisions in the proposed MAC, due to the same iterated construction. HMAC's nesting prevents these and various other attacks. With non-Merkle-Damgård hashes, you don't necessarily need the HMAC construction, though.
Answer (1)
HMAC (Hash-based Message Authentication Code) with SHA-256 and SHA-256 are related but serve different purposes:
SHA-256: SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function that takes an input (or message) and produces a fixed-size output hash value, typically 256 bits in length. It is commonly used for generating unique fixed-size representations of data. SHA-256 is a one-way function, meaning it is computationally infeasible to reverse the process and obtain the original input from the hash value. It's commonly used for tasks like hashing passwords, digital signatures, and integrity verification.
HMAC with SHA-256: HMAC is a construction that uses a cryptographic hash function (such as SHA-256) in combination with a secret key to provide message authentication. It mitigates certain cryptographic weaknesses in the original hash function by introducing the secret key. HMAC with SHA-256 involves applying the SHA-256 hash function to the input data along with a secret key to produce a hash value. This hash value is then used as a signature or authentication tag for the message. HMAC ensures both integrity and authenticity of the message by verifying that the message has not been altered and that it originates from a known and authenticated sender.
In summary, while SHA-256 is a cryptographic hash function used for generating fixed-size hash values from input data, HMAC with SHA-256 is a specific method for generating message authentication codes using SHA-256 in combination with a secret key to provide message integrity and authenticity.