0

Hashing functions are used for data integrity when integrated with signing asymmetric algorithms but I miss a step. In multiple sources like here or here I read for granted that hashing algorithm per se are enough for ensuring data integrity.

Let's go into an example. We hash the content and send it alongside the original message to the recipient. A man in the middle gets the message, forges it, calculate its new hash by using any hashing algorithm, and sends everything to the recipient. Maybe the man in the middle knows what algorithm is used on the recipient's side. The recipient receives the compromised message and the new compromised hashed version. Recipient alculates the hash of the bad message, sees that it matches with the bad hash and it’s done.

My conclusion is that the hash, to serve its purpose and really ensure data integrity, needs to be necessarily protected by being signed through private key on the sender side. Am I missing something? Because I don't read this concept anywhere unfortunately and it's just my (maybe wrong) conclusion.

Tarta
  • 129
  • 5
  • Integrity and authenticity are different things, see the linked answer. This is the source of your confusion. Signatures or MACs are required to ensure authenticity, but hashes alone can provide integrity. – SAI Peregrinus Nov 11 '23 at 03:57
  • @SAIPeregrinus indeed you are right. Thing is that whenever I read "integrity" I assume "a message that hasn't been tampered". But that was just my assumption, wrong one. – Tarta Nov 11 '23 at 08:51

0 Answers0