david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

A hash function does not provide integrity!

posted April 2017

Some of you might have seen the answer of this famous stack overflow question what are the differences between a digital signature, a mac and a hash?:

hash vs mac vs signatures

The above table is from the most upvoted answer --but it is false. A hash function does not provide integrity, a MAC provides integrity.

Instead a cryptographic hash function provides three properties, well defined in the world of cryptography: collision resistance, pre-image resistance and second pre-image resistance. Nothing else.

Well done! You've reached the end of my post. Now you can leave me a comment :)

L

Once used with a secure channel, a hash does provide integrity.
Example:
- Offering a file for download (via HTTP, insecure) and a hash of the file (again HTTP) does provide integrity as long as the connection is not modified by an active MITM
- Still offering the file via HTTP, but the hash via HTTPS does provide integrity (as long as you trust your CAs). You are able to verify that the file you downloaded via insecure HTTP is the file you intended to download by comparing a hash of the file to the hash you downloaded via HTTPS

david

> as long as the connection is not modified by an active MITM

that's not integrity for me :D

> the hash via HTTPS

you're not relying on the hash alone here, but on a construction combining the integrity of HTTPS frames + your hash.