In this work, a detailed study of two finalists of the SHA-3 competition from the side-channel analysis point of view is provided. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical HMAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein are analyzed. Consequently, examples of software countermeasures thwarting first-order DPA or CPA are given. For the validation of our choices, HMAC-Grøstl, HMAC-Skein as well as the countermeasures were implemented on a 32-bit ARM-based smart card, and power analysis attacks were mounted in practice on both unprotected and protected implementations. Finally, the performance difference between both versions is discussed.