(I) A keyed hash [R2104] that can be based on any iterated
cryptographic hash (e.g., MD5 or SHA-1), so that the cryptographic
strength of HMAC depends on the properties of the selected
cryptographic hash. (See: [R2202, R2403, R2404].)
Derivation: Hash-based MAC. (Compare: CMAC.)