A few MAC algorithms are available. Those based on block ciphers such as DES and AES are among the best known.
1. Sender sends Message & MAC(Message, K), M1
2. Receiver receives both parts
3. Receiver makes his own MAC(Message, K), M2
4. If M2 != M1, data has been corrupted
5. If M2 == M1, data is valid
HMAC stands for Hash-based MAC. It works by using an underlying hash function over a message and a key.
Theoretically, any hash function could be used with HMAC, although more secure hashing functions are preferable. Commonly used hash functions are MD5 and SHA-1. As computers become more and more powerful, increasingly complex hash functions will probably be used. Furthermore, there are several generations of SHA hashing functions (SHA-256, SHA-384, and SHA-512) which are currently available but not very widely used, as their added security is not yet believed to be needed in everyday transactions.
4. How HMAC works?
HMAC generates a Message Authentication Code by the following formula:
HMAC(M) = H[(K+opad) & H[(K+ipad) & M]]
M = Message
H = Underlying Hash function
K = Shared Secret Key
opad = 36hex, repeated as needed
ipad = 5Chex, repeated as needed
& = concatenation operation
+ = XOR operation
The HMAC(M) is then sent as any typical MAC(M) in a message transaction over insecure channels (see section 1). Again, any hash function can be used, but MD5 and SHA-1 seem to be the most popular.
5. Why use HMAC?
Speed is the main reason. Hash functions are much faster than block ciphers such as DES and AES in software implementations (unfortunately, I don't have data showing how much faster they really are at this point). Another advantage is that they are freely available, and are not subject to the export restriction rules of the USA and other countries.
However, HMAC, as a cryptographic mechanism, is repudiable. That is, Bob cannot demonstrate that data really came from Alice -- both a sender and a receiver can generate exactly the same HMAC output (so Bob could have made the data himself). This is unlike digital signatures, which only the sender can generate.
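The formula from section 4 and the receiver's check in steps 3 to 5, as an added example that is not part of the original page: HMAC is built from a bare hash (SHA-256 here), with the key zero-padded to the hash block size and the pad bytes assigned as in RFC 2104 (ipad = 0x36, opad = 0x5C). The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C  # pad bytes as assigned in RFC 2104


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Compute H[(K xor opad) & H[(K xor ipad) & M]] from the bare hash."""
    block_size = hashlib.new(hash_name).block_size
    # RFC 2104 key preparation: hash keys longer than one block, then zero-pad.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ IPAD for b in key)
    outer_key = bytes(b ^ OPAD for b in key)
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def send(key: bytes, message: bytes):
    """Step 1: the sender transmits the message together with M1."""
    return message, hmac_manual(key, message)


def receive(key: bytes, message: bytes, m1: bytes) -> bool:
    """Steps 3 to 5: the receiver computes M2 and compares it with M1."""
    m2 = hmac_manual(key, message)
    # Constant-time comparison, so timing does not reveal how many bytes match.
    return hmac.compare_digest(m1, m2)


# Constructed sample values, not taken from the page.
KEY = b"constructed-shared-secret"
MESSAGE = b"transfer 100 to account 42"

if __name__ == "__main__":
    msg, m1 = send(KEY, MESSAGE)
    print("untouched message:", receive(KEY, msg, m1))
    print("altered message:  ", receive(KEY, msg.replace(b"100", b"900"), m1))
    print("different key:    ", receive(b"some-other-key", msg, m1))
    # The receiver holds the same K, so it can produce M1 itself:
    # this is why an HMAC tag is repudiable, unlike a digital signature.
    print("receiver reproduces M1:", hmac_manual(KEY, msg) == m1)
```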