What does a Hashed Message Authentication Code (HMAC) use to enhance its security?

A Hashed Message Authentication Code (HMAC) employs a secret key as part of its process to ensure the integrity and authenticity of a message. The key is combined with the message data in a way that utilizes a cryptographic hash function. This use of a secret key strengthens the security of the HMAC because it requires both the key and the message to produce the same resultant HMAC value.

If an attacker does not possess the key, they will be unable to generate a valid HMAC for a given message, thus ensuring that any modifications or attempts at impersonation can be detected. The security of HMAC derives not only from the cryptographic strength of the hash function used but also from the confidentiality of the secret key.

Other options do not provide the same level of security. Randomly generated keys may be used to create HMACs, but without the secret key, they do not inherently strengthen the HMAC. Predefined values do not offer variable security and would make the HMAC predictable and susceptible to attacks. Lastly, the description of HMAC working independently without a key contradicts its fundamental design, which relies explicitly on the secrecy and strength of the key used in its computation.