How hashing functions and MDCs are used
Hashing functions include the MDC and one-way hash.
You need to hash text before submitting it to the Digital Signature Generate and Digital Signature Verify verbs (see Using digital signatures). CCA supports the SHA-1, MD5, and RIPEMD-160 hashing functions.
When a message is sent, an application program can generate a hash or a Modification Detection Code (MDC) for it using the One-Way Hash verb. This verb computes the hash or MDC, a short, fixed-length value, using a one-way cryptographic function and the message text. The originator of the message ensures the hash or MDC is transmitted with integrity to the intended receiver of the message. For example, the value could be published in a reliable source of public information.
When the receiver gets the message, an application program calls the One-Way Hash verb to generate a new hash or MDC using the same function and message text that were used by the sender. The application program can compare the new value with the one generated by the originator of the message. If the two values match, the receiver knows the message was not altered.
In a similar manner, hashes and MDCs can be used to ensure the integrity of data stored on the system or on removable media, such as tape.
Hashes and MDCs can be used in these ways:
- For data transmitted over a network between locations that do not share a secret key, you can ensure the data has not been altered during transmission. It is easy to compute a hash or MDC for specific data, yet hard to find data that will result in a given hash or MDC. In effect, the problem of ensuring the integrity of a large file is reduced to ensuring the integrity of a short, fixed-length value.
- For data stored on tape or DASD, you can ensure that the data read back onto the system was the same as the data written onto the tape or DASD. After a hash has been established for a file, the One-Way Hash verb can be run at any later time on the file. The resulting value can be compared with the stored value to detect deliberate or inadvertent modification.
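The record-then-verify procedure described above, as an added example that is not part of the original page and does not call the CCA One-Way Hash verb: it uses Python's standard `hashlib` as a stand-in, with SHA-1 chosen because it is one of the functions the page lists. The function names, chunk size, and sample file contents are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024  # read size; lets large files be hashed without loading them whole


def file_digest(path, algorithm="sha1"):
    """Return the hex digest of a file, hashing it chunk by chunk."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_file(path, expected_hex, algorithm="sha1"):
    """Recompute the digest and compare it with the stored or published value."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected_hex.lower())


def demo():
    """Write a constructed sample file, record its digest, then alter one byte."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"constructed sample record\n" * 10000)
        recorded = file_digest(path)          # value kept apart from the data
        unchanged = verify_file(path, recorded)
        with open(path, "r+b") as f:          # simulate modification on the medium
            f.seek(1234)
            f.write(b"X")
        altered = verify_file(path, recorded)
        return recorded, unchanged, altered
    finally:
        os.remove(path)


if __name__ == "__main__":
    recorded, unchanged, altered = demo()
    print(len(recorded) // 2, "byte digest:", recorded)
    print("before change:", unchanged, "after change:", altered)
```

The check is only as trustworthy as the recorded digest, so that value has to be stored or delivered separately from the data it protects.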
For more information, see Modification Detection Code calculation.