HMAC

We want to compute a message authentication code, or MAC, using a hash algorithm and a key. This is known as a keyed hash. Given the message M and key K, suppose we compute H(K, M), where the comma denotes concatenation. Why is this insecure?

Is H(M, K) more secure? There is an unlikely attack.

How about putting K at the beginning and at the end? This is, roughly, what is done in HMAC.

HMAC(M, K) is computed as follows. Let B be the block length of the hash, in bytes. For example, both SHA-1 and MD5 have B = 64. Let

      ipad = the byte 0x36 repeated B times
      opad = the byte 0x5C repeated B times

where "i" is for inner and "o" is for outer. Then, to compute HMAC over the data M:

      HMAC(M, K) = H(K XOR opad, H(K XOR ipad, M))

This information (and more) can be found in RFC 2104 at http://www.faqs.org/rfcs/rfc2104.html.
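
The formula above written out in Python, as an added example that is not part of the original notes. The key preparation (hash a key longer than B, then zero-pad it to B bytes) comes from RFC 2104 rather than from the text above; the function names and the sample key and message are constructed for illustration.

```python
import hashlib
import hmac


def hmac_from_definition(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC(M, K) = H(K XOR opad, H(K XOR ipad, M)); ',' is concatenation."""
    B = hashlib.new(hash_name).block_size  # block length in bytes (64 for SHA-1, MD5)

    # Key preparation per RFC 2104: a key longer than B is replaced by its
    # hash, and the result is padded with zero bytes up to B bytes.
    if len(key) > B:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(B, b"\x00")

    ipad = bytes([0x36]) * B  # "inner" pad
    opad = bytes([0x5C]) * B  # "outer" pad
    k_ipad = bytes(k ^ p for k, p in zip(key, ipad))
    k_opad = bytes(k ^ p for k, p in zip(key, opad))

    # Inner hash covers the message; outer hash covers only the inner digest.
    inner = hashlib.new(hash_name, k_ipad + msg).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Recompute the tag and compare in constant time, so the comparison
    does not reveal how many leading bytes of a wrong tag were correct."""
    expected = hmac_from_definition(key, msg, hash_name)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample values
    msg = b"transfer 100 to account 42"
    tag = hmac_from_definition(key, msg)
    print("HMAC-SHA1:", tag.hex())
    # Cross-check against the standard library implementation.
    print("matches hmac module:", tag == hmac.new(key, msg, "sha1").digest())
    print("tampered message accepted:", verify_tag(key, msg + b"0", tag))
```

In production code, call the library's own HMAC (here, Python's hmac module) rather than a hand-written version; the point of the example is to show that the library result is exactly the two nested hashes in the formula.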