What is the method that verifies both the integrity and authenticity of a message by combining a cryptographic hash with a secret key?

Multiple Choice

What is the method that verifies both the integrity and authenticity of a message by combining a cryptographic hash with a secret key?

Explanation:
Combining a cryptographic hash with a secret key to verify both integrity and authenticity is done with a hash-based Message Authentication Code, specifically HMAC. In HMAC, the secret key and the message are processed through a hash function in a precise inner-outer construction. The result is a tag that accompanies the message. The receiver, who also knows the secret key, recomputes the tag from the received message and compares it to the tag that was sent. If they match, the message hasn’t been altered (integrity) and it originates from someone who possesses the shared secret key (authenticity).

This differs from the other options: a digital signature uses a private/public key pair, not a shared secret key, to provide authenticity and non-repudiation; a message digest is just a hash without any secret key, so it guards integrity only in a context where the hash itself is protected or trusted, and it does not provide authenticity; and Cipher Block Chaining is a mode of encryption for confidentiality and isn’t used to verify integrity or authenticity on its own.