Message digest algorithms rely on cryptographic hash functions to generate a unique value that is computed from data and a unique symmetric key. A cryptographic hash function inputs data of arbitrary length and produces a unique value of a fixed length. Because message digest algorithms generate a value that is always used in encrypted form (never decrypted), they are sometimes known as encryption-only algorithms.

Adding a unique symmetric key that is shared between a sender and receiver in order to compute a message digest value provides confidentiality to ensure that the message digest cannot be easily changed if the data is changed in an unauthorized or other unexpected manner. Both the sender and receiver of the data (including the senders message digest) must share the same key for the receiver to generate an identical message digest.

If some other agent changes the data between the sender and receiver and hashes their own message digest without the correct key, the new message digest, while representing the data, will not be the same as the message digest computed by the receiver using the correct symmetric key. The resulting value generated from the symmetric key (or MAC key) and the message digest is known as a Message Authentication Code (MAC) because it can be used to test for unauthorized alteration of both the data and the message digest.

Common examples of hash algorithms used to generate MAC values include Message Digest 5 (MD5) and Secure Hash Algorithm SHA-1 (SHA-1).