Data integrity authentication schemes.

In this Ask the Expert Q&A, Joel Dubin, our identity and access mangement expert examines various data integrity authentication schemes.

Joel Dubin

Is there a data integrity authentication scheme, like message authentication code (MAC), that will allow me to authenticate the integrity of the data without attaching MAC?

Message authentication code (MAC) is probably still your best bet if you want to authenticate the integrity of your data. However, if you'd prefer not to use MAC, another option is to use hashing algorithms.

The key is to check the integrity of your data, rather than authenticate the user. Hashing algorithms alone serve this purpose fine. Unlike MAC, they don't require keys to create the hash. Instead, they rely on standard, readily-available algorithms. A popular hashing algorithm is MD5, which is universally supported on both UNIX and Windows with standard tools, some already bundled with the operating system, others free for download on the Web. MD5 is a 128-bit one-way hash, which means it can only be encrypted, but it also doesn't need to be decrypted. But that's not the point because hashing isn't about confidentiality. It's about integrity. For example, the hashed message can be sent separately from the original message. The receiver can take the message, use an MD5 tool to hash it on their side, and then compare it with the hash sent with the original message. If the two match, then the message hasn't been touched or altered in transit.

This was last published in March 2006

Data integrity authentication schemes.

In this Ask the Expert Q&A, Joel Dubin, our identity and access mangement expert examines various data integrity authentication schemes.

Dig Deeper on Data security strategies and governance

MD5

MD5 vulnerability renews calls for faster SHA-256 transition

Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

Password-based authentication: A weak link in cloud authentication

Related Q&A from Joel Dubin

How to use a public key and private key in digital signatures

What's the purpose of CAPTCHA technology and how does it work?

Single sign-on best practices: How can enterprises get SSO right?

SearchCloudSecurity

6 SaaS security best practices to protect applications

Review these 7 CASB vendors to best secure cloud access

CASB explained: Know its use cases before you buy

SearchNetworking

Considerations for SASE management and troubleshooting

Cisco sweetens Acacia deal by $2 billion

SASE challenges include network security roles, product choice

SearchCIO

Parler sues AWS, seeks restraining order

Digital healthcare top priority for CIOs in 2021

C-suite execs give future technology predictions for the decade

SearchEnterpriseDesktop

Will Windows 10 be the last Windows OS?

CES: Laptops sport designs friendly for remote workers

Evaluate if Windows 10 needs third-party antivirus

SearchCloudComputing

COVID-19 and remote work shift cloud predictions for 2021

Cloud providers jockey for 2021 market share

How to build a cloud center of excellence

ComputerWeekly.com

Top IT predictions in APAC: 2021

2021 IT Priorities: APAC Key Technology Areas Infographic

MoD reports 18% rise in data loss incidents