Data integrity authentication schemes.

In this Ask the Expert Q&A, Joel Dubin, our identity and access mangement expert examines various data integrity authentication schemes.

Joel Dubin

Is there a data integrity authentication scheme, like message authentication code (MAC), that will allow me to authenticate the integrity of the data without attaching MAC?

Message authentication code (MAC) is probably still your best bet if you want to authenticate the integrity of your data. However, if you'd prefer not to use MAC, another option is to use hashing algorithms.

The key is to check the integrity of your data, rather than authenticate the user. Hashing algorithms alone serve this purpose fine. Unlike MAC, they don't require keys to create the hash. Instead, they rely on standard, readily-available algorithms. A popular hashing algorithm is MD5, which is universally supported on both UNIX and Windows with standard tools, some already bundled with the operating system, others free for download on the Web. MD5 is a 128-bit one-way hash, which means it can only be encrypted, but it also doesn't need to be decrypted. But that's not the point because hashing isn't about confidentiality. It's about integrity. For example, the hashed message can be sent separately from the original message. The receiver can take the message, use an MD5 tool to hash it on their side, and then compare it with the hash sent with the original message. If the two match, then the message hasn't been touched or altered in transit.

This was last published in March 2006

Data integrity authentication schemes.

In this Ask the Expert Q&A, Joel Dubin, our identity and access mangement expert examines various data integrity authentication schemes.

Dig Deeper on Data security strategies and governance

MD5

MD5 vulnerability renews calls for faster SHA-256 transition

Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

Password-based authentication: A weak link in cloud authentication

Related Q&A from Joel Dubin

How to use a public key and private key in digital signatures

What's the purpose of CAPTCHA technology and how does it work?

Single sign-on best practices: How can enterprises get SSO right?

SearchCloudSecurity

Unify on-premises and cloud access control with SDP

Get to know cloud-based identity governance capabilities

6 AIOps security use cases to safeguard the cloud

SearchNetworking

Wi-Fi 6 rollout requires careful review of network devices

How cloud-native networking will transform infrastructure

The role of network observability in distributed systems

SearchCIO

Managing cybersecurity during the pandemic and in the new digital age

Enterprise architecture has business's ear at Scottish Water

4 IT contract negotiation strategies to drive value in 2021

SearchEnterpriseDesktop

Incorporating zero trust into endpoint security

Keeping tabs on employees in the hybrid workplace

Top 6 endpoint security software options in 2021

SearchCloudComputing

Choose the right serverless container service

IBM boosts vertical cloud push with financial services cloud

Open source cloud platforms and tools to consider

ComputerWeekly.com

Dutch accuse UK of ‘damaging confidence’ by disclosing details of EncroChat police collaboration

Uber ordered to reinstate six drivers fired by automated process

Google launches multimillion-dollar cloud tech push to boost Covid-19 vaccine distribution