[ Home  |  FAQ-Related Q&As  |  General Q&As  |  Answered Questions ]

    Search the Q&A Archives

...difference between a message authentication...

<< Back to: Cryptography FAQ (01/10: Overview)

Question by PiGHead
Submitted on 3/6/2004
Related FAQ: Cryptography FAQ (01/10: Overview)
Rating: Rate this question: Vote
What is the difference between a message authentication code(MAC) and a one-way hash function?

Answer by koti
Submitted on 3/30/2004
Rating:  Rate this answer: Vote
the difference between a message authentication code and one way hash functıonts more secure.


Answer by Marcos Juarez
Submitted on 6/27/2004
Rating:  Rate this answer: Vote
The difference between a one-way hash and a MAC (Message authentication code), is that the hash verifies the uniqueness of a message or file.  The MAC is usually an encrypted hash, also used to verify the uniqueness of a message, but which only can be verified if you know the secret key.

For example, say you have a list of the MD5 hashes of all your system files.  If you verify the MD5 values of the files periodically with this list, you could see which files have been changed or updated, by a virus, for instance.  However, if a virus comes in your system, and replaces a system file, it could also replace the MD5 value in your list with the new one, and you wouldn't know this happened.

If you had a list of MACs, however, the virus could replace your system file, but it has no way of replacing the hash, since it doesn't have the key to decrypt it.


Your answer will be published for anyone to see and rate.  Your answer will not be displayed immediately.  If you'd like to get expert points and benefit from positive ratings, please create a new account or login into an existing account below.

Your name or nickname:
If you'd like to create a new account or access your existing account, put in your password here:
Your answer:

FAQS.ORG reserves the right to edit your answer as to improve its clarity.  By submitting your answer you authorize FAQS.ORG to publish your answer on the WWW without any restrictions. You agree to hold harmless and indemnify FAQS.ORG against any claims, costs, or damages resulting from publishing your answer.


FAQS.ORG makes no guarantees as to the accuracy of the posts. Each post is the personal opinion of the poster. These posts are not intended to substitute for medical, tax, legal, investment, accounting, or other professional advice. FAQS.ORG does not endorse any opinion or any product or service mentioned mentioned in these posts.


<< Back to: Cryptography FAQ (01/10: Overview)

[ Home  |  FAQ-Related Q&As  |  General Q&As  |  Answered Questions ]

© 2008 FAQS.ORG. All rights reserved.