Cryptography Reference
In-Depth Information
Choose Download Location
mediaCam AV 2.7
You have chosen to download mediaCam AV 2.7 . Check the file details to
make sure this is the correct program and version, and that your operating
system is supported.
Download Details
Operating Systems 98/2k/Me/XP
File Name mediaCamAV2.7.2.0_Installer.exe
MD5 Hash 8642009dfd6658e0399586fb27134886
File Size 4.27 MB (4,474,880 bytes)
Figure 6.3. Use of a hash function for file checksums
APPLICATION REQUIRING SECOND PREIMAGE RESISTANCE
One of the highest profile applications of hash functions is for generating
checksums that offer a lightweight data integrity check. This check falls into the
Section 6.1 data integrity category of protection against simple manipulations.
Hash functions are commonly used for providing a degree of assurance to a
user that they have downloaded a file correctly. Figure 6.3 gives an example of this
process, which works as follows:
1. A file download site displays information about a piece of software (in this case
mediaCamAV 2.7 ) and a link to the executable code (in this case Installer.exe ). It
also displays an MD5 Hash value, which identifies the name of a hash function
(MD5) and provides a hash of the executable code. MD5 is a 128-bit hash
function and so the hash is commonly displayed as a 32-character hex value.
2. A user who downloads the executable code can then recompute the hash by
putting the code through the MD5 hash function. The user then checks the
resulting hash against the one displayed on the file download site. If they match
then the user is assured that the code they have downloaded corresponds to
the code that the download site intended them to have.
We describe this as a 'lightweight' data integrity check because a hash function
can never be used on its own to provide integrity against an active attacker. Since
a hash function has no secret key, an attacker can always modify a file and then
recompute a new hash that matches the modified file. In our above example this
would then require the attacker to persuade the file download site to display this
modified code with its new hash value (alternatively the attacker would need to
modify the information on the file download site). However, if we believe that the
security of the file download site is fairly good then we can increase our 'faith' in
the data integrity of the downloaded file. If the download site is fully trusted and
its processes are believed to be secure then we gain strong data integrity through
the knowledge that neither the file nor the hash can be altered on the site itself.
In summary:
1. A hash function provides lightweight data integrity if used in isolation. It can only
protect against accidental errors and simple manipulations (see Section 6.1).
 
Search WWH ::




Custom Search