14.2. "hmac" — Keyed-Hashing for Message Authentication
*******************************************************

New in version 2.2.

**Source code:** Lib/hmac.py

======================================================================

This module implements the HMAC algorithm as described by **RFC
2104**.

hmac.new(key[, msg[, digestmod]])

   Return a new hmac object.  If *msg* is present, the method call
   "update(msg)" is made. *digestmod* is the digest constructor or
   module for the HMAC object to use. It defaults to  the
   "hashlib.md5" constructor.

An HMAC object has the following methods:

HMAC.update(msg)

   Update the hmac object with the string *msg*.  Repeated calls are
   equivalent to a single call with the concatenation of all the
   arguments: "m.update(a); m.update(b)" is equivalent to "m.update(a
   + b)".

HMAC.digest()

   Return the digest of the strings passed to the "update()" method so
   far. This string will be the same length as the *digest_size* of
   the digest given to the constructor.  It may contain non-ASCII
   characters, including NUL bytes.

   Warning: When comparing the output of "digest()" to an
     externally-supplied digest during a verification routine, it is
     recommended to use the "compare_digest()" function instead of the
     "==" operator to reduce the vulnerability to timing attacks.

HMAC.hexdigest()

   Like "digest()" except the digest is returned as a string twice the
   length containing only hexadecimal digits.  This may be used to
   exchange the value safely in email or other non-binary
   environments.

   Warning: When comparing the output of "hexdigest()" to an
     externally- supplied digest during a verification routine, it is
     recommended to use the "compare_digest()" function instead of the
     "==" operator to reduce the vulnerability to timing attacks.

HMAC.copy()

   Return a copy (“clone”) of the hmac object.  This can be used to
   efficiently compute the digests of strings that share a common
   initial substring.

This module also provides the following helper function:

hmac.compare_digest(a, b)

   Return "a == b".  This function uses an approach designed to
   prevent timing analysis by avoiding content-based short circuiting
   behaviour, making it appropriate for cryptography.  *a* and *b*
   must both be of the same type: either "unicode" or a *bytes-like
   object*.

   Note: If *a* and *b* are of different lengths, or if an error
     occurs, a timing attack could theoretically reveal information
     about the types and lengths of *a* and *b*—but not their values.

   New in version 2.7.7.

See also:

  Module "hashlib"
     The Python module providing secure hash functions.