 

What's the difference between the HMAC signature and hashing directly?

Just out of curiosity, really... for example, in Python,

hashlib.sha1(b"key" + b"data").hexdigest() != hmac.new(b"key", b"data", hashlib.sha1).hexdigest()

Is there some logical distinction I'm missing between the two actions?

asked Jul 17 '12 16:07

Ben


2 Answers

hashlib.sha1 simply gives you the sha1 hash of the content "keydata" that you give as a parameter (note that you are simply concatenating the two strings). The hmac call gives you a keyed hash of the string "data", using the string "key" as the key and sha1 as the hash function. The fundamental difference between the two calls is that the HMAC can only be reproduced if you know the key, so you would also know something about who has generated the HMAC. SHA1 can only be used to detect that content has not changed.

answered Sep 22 '22 16:09

Jari
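
The two expressions from the question side by side, as an added example that is not part of the original posts. It also writes HMAC-SHA1 out by hand following the RFC 2104 construction (which the page itself does not spell out) and shows what plain concatenation loses. The function names and sample values are chosen here for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 processes input in 64-byte blocks


def naive_tag(key: bytes, data: bytes) -> str:
    """The question's first expression: SHA-1 over the plain concatenation."""
    return hashlib.sha1(key + data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """The question's second expression, using the standard library."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def hmac_sha1_by_hand(key: bytes, data: bytes) -> str:
    """HMAC-SHA1 per RFC 2104: H((K ^ opad) || H((K ^ ipad) || m))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()  # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + data).digest()
    return hashlib.sha1(opad + inner).hexdigest()


def verify(key: bytes, data: bytes, tag: str) -> bool:
    """Receiver-side check; compare_digest runs in constant time."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


if __name__ == "__main__":
    key, data = b"key", b"data"  # constructed sample values, as in the question
    print("sha1(key+data):", naive_tag(key, data))
    print("hmac(key,data):", hmac_tag(key, data))
    print("by hand       :", hmac_sha1_by_hand(key, data))
    # Concatenation forgets where the key ends and the data begins.
    print("naive, boundary moved, same tag:",
          naive_tag(b"ke", b"ydata") == naive_tag(key, data))
    print("hmac, boundary moved, same tag :",
          hmac_tag(b"ke", b"ydata") == hmac_tag(key, data))
    print("tag verifies under another key :",
          verify(b"other", data, hmac_tag(key, data)))
```
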


I found the answer in the manual.

https://en.wikipedia.org/wiki/Hmac#Design_principles

answered Sep 24 '22 16:09

Ben