Differences and/or similarities between Checksum, Hash Digest, MAC, Digital Signature & Fingerprint

Checksum

A checksum is intended to verify (check) the integrity of data and identify data-transmission errors, A checksum protects against accidental changes.

When you downloaded a file, you can never be sure if it got corrupted on the way to your machine. You can use cksum to calculate a checksum (based on CRC-32) of the copy you now have and can then compare it to the checksum the file should have. This is how you check for file integrity

If one byte changes, the checksum changes. The checksum is not safe to protect against malicious changes: it is easy to create a file with a particular checksum.

Hash

Hash is designed to create a unique digital fingerprint of the data. A cryptographic hash protects against a very motivated attacker.

A hash function is used to map data to other data of fixed size. A perfect hash function is injective, so there are no collisions. Every input has one fixed output. A cryptographic hash function is used for verification.

A very common use case is password hashing. This allows the verification of a password without having to save the password itself.

Both hash functions and checksums are used to verify the integrity of data.

Message Digest

A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula.

Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message. They are a type of cryptography utilizing hash values that can warn the copyright owner of any modifications applied to their work.

Message digests are encrypted with private keys creating a digital signature. This results in a type of validation ensuring that the appropriate user is accessing protected information. Message digests protect one-way hash algorithms taking random data and transmitting a set length hash value.

Message Authentication Code

MAC takes a message plus a secret key as input and generates an authentication code ensuring both the authenticity and integrity of the message originally sent. HMAC is the common algorithm used in MAC.

Digital Signatures

A digital signature is an electronic, encrypted, stamp of authentication on digital information such as email messages, macros, or electronic documents. A signature confirms that the information originated from the signer and has not been altered. Signing certificate and certificate authority are two key areas to understand@

  • Signing certificate – To create a digital signature, you need a signing certificate, which proves identity. When you send a digitally-signed macro or document, you also send your certificate and public key. Certificates are issued by a certification authority, and like a driver’s license, can be revoked. A certificate is usually valid for a year, after which, the signer must renew, or get a new,
  • Certificate authority (CA) – A certificate authority is an entity similar to a notary public. It issues digital certificates, signs certificates to verify their validity and tracks which certificates have been revoked or have expired.

Digital Signature provides:

  • Authenticity     The signer is confirmed as the signer.
  • Integrity     The content has not been changed or tampered with since it was digitally signed.
  • Non-repudiation     Proves to all parties the origin of the signed content. Repudiation refers to the act of a signer denying any association with the signed content.
  • Notarization     Signatures in for e.g. Microsoft Word, Microsoft Excel, or Microsoft PowerPoint files, which are time stamped by a secure time-stamp server, under certain circumstances, have the validity of a notarization.

Fingerprint

A certificate thumbprint, also called a fingerprint, is a hash of a certificate, computed over all certificate data and its signature. Thumbprints are used as unique identifiers for certificates, in applications when making trust decisions, in configuration files, and displayed in interfaces. Due to the variety of uses for thumbprints, it is not immediately clear what, if any, their security needs are. Thumbprints are usually implemented with cryptographic hash functions and used in security applications,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.