We explain what “HMAC SHA-384” means and how it contributes to a safe VPN. Unless users understand what these technical terms mean, they cannot make an informed decision.

Edit: this article was updated to more accurately reflect the security SHA-384 offers against length-extension attacks.

Virtual private networks like to use a lot of acronyms and technical jargon to describe their security. We are guilty of it as well. On our security features page, we mention that we use HMAC SHA-384 for message authentication. This statement gives you information that is essential to evaluating how safe our VPN service is, but it’s useless unless you know what it means.

In a nutshell, HMAC SHA-384 is the method that ProtonVPN uses to assure your messages are safe traveling between your device and our VPN servers. It authenticates that the traffic we are sending your device really came from our servers and that it has not been tampered with along the way. By saying we use HMAC SHA-384, we are saying that you can be confident that once you are connected to one of our servers, your connection cannot be interfered with or spoofed.

But how does HMAC SHA-384 do that? If you expand the acronyms, you have ‘hashed message authentication code secure hash algorithm 384 bit.” While this might be more precise, it probably is not any more helpful to the average VPN user. We’ll break this down, one piece at a time, beginning with “message authentication code.”

Message authentication codes verify the sender

First, a quick primer on how Internet traffic works. Everyone understands the basic premise of an Internet connection. Your device (be it a computer, cell phone, or smart TV) connects to your Internet service provider which then helps you connect to your desired website. If you happen to be connected to a malicious site or if someone intercepts your connection, known as a man-in-the-middle attack, they could monitor your data or inject malware onto your device. Establishing that your connection is with your intended website and protecting this connection from being tampered with are essential to using the Internet.



A message authentication code, or MAC, does just that. It allows the receiver of data to know the data you receive is authentic (it was sent by the party who claims to have sent it) and has not been tampered with (this is known as preserving the data’s “integrity”).

Impressive work considering a MAC is little more than a block of information typically only a few dozen bytes long. The MAC is produced by a secret key and a MAC signing algorithm. A key is just a parameter that determines the output of an algorithm. A MAC works because it is practically impossible to recreate the MAC of a message without knowing the secret key. Even if a hacker were able to capture MACs from previous messages a user sent, that would not help them crack the MAC of that user’s next message.

Do not be confused by the word “message.” This is not referring to emails or texts, although MACs and HMACs can be used to verify those too. Instead, when you see a message, think of the data that is sent between your device and the website (or VPN service) you are connected to.

So a MAC is one way of verifying that the connection you have established with a website (or VPN provider) is secure.

SHA-384

Before we explain how a hashed message authentication code works, you have to understand what hashing is. Hashing is a process that transforms a message of any size into a pseudorandom string of characters that is a fixed length. This string of characters is known as a hash. While they sound similar, hashing is different from encryption in that it only works in one direction. You can never “de-hash” a hash to get back to the original message. Because it cannot be undone, hashing is a secure way of sharing sensitive data.

Hashes are also useful because they allow you to confirm information without exposing that information. One easy use case to help illustrate this is password storage. Companies need to have a copy of your password to validate your account, but having a password in plain text is a security risk. By saving a hashed copy of your password, a company removes this security risk. When you go to sign in, the company will make a hash of the password you enter and compare it to the hash it has on file. If they match, then the passwords were the same. (This isn’t the most secure authentication method, however. ProtonMail uses the much safer Secure Remote Password protocol, which helps prevent man-in-the-middle attacks.)

SHA-384 (or secure hash algorithm) is one cryptographic hash function in the SHA-2 hash family. A hash function is an algorithm that takes a message and creates a hash. The 384 refers to the length of hash produced by the algorithm, which is 384 bits (or 48 bytes). There are hash functions that produce longer and shorter hashes. We use SHA-384 because it provides an optimal level of security and efficiency. To see what a message would look like when it is hashed with SHA-384, click here. It is one of the strongest hash functions currently available and offers increased protection against some known hashing vulnerabilities, including length-extension attacks and collision attacks, in comparison to other SHA-2 hashes.

How HMAC establishes a secure connection

A hashed message authentication code (HMAC) is a way of turning a cryptographic hash function into a MAC. Using a hash adds an extra layer of security to the MAC. In ProtonVPN’s case, the cryptographic hash function is SHA-384.

Here is how an HMAC works, in its simplest form. First, both the server and the client agree to use the same cryptographic hash function (SHA-384) and establish a shared secret key. Then, the sender combines that shared secret key with the data being sent and creates a hash out the combination of the two. The same shared secret key and the first hash are then hashed again to get a second hash (this helps prevent certain kinds of attacks). The data and the final hash are then passed to the server.

When the client receives the hash and the message, it runs the same combination of the message and its own version of the shared secret key through the same HMAC algorithm. If the hashes match, that proves that the server had the same secret key, “authenticating” the data. This also demonstrates that the message was not altered in any way by a third party. Once the client verifies that the two hashes match, it knows the data can be trusted.

If the hashes did not match, which would mean that either the server did not have the same shared secret key or the data had been interfered with in transit, the client would discard the data and know to not trust it.

It is important to note here that HMAC does not encrypt the data, it simply authenticates the data’s origin and integrity. ProtonVPN uses AES-256 to encrypt your data, keeping it private, which is then sent alongside the HMAC.

While there are other message authentication alternatives, and even other MACs, like UMAC and OMAC, HMAC is one of the safest ways to authenticate a message’s sender. Moreover, it has become almost ubiquitous. It is used in TLS and IPSec protocols.



This is a very basic explanation of what SHA-384 is and how a hashed message authentication code works, but we hope it helps you better understand and evaluate what makes a VPN safe and secure.

Best Regards,

The ProtonVPN Team

You can follow us on social media to stay up to date on the latest ProtonVPN releases:

Twitter | Facebook | Reddit

To get a free ProtonMail encrypted email account, visit: protonmail.com





