Which method allows you to verify entity authentication, data integrity, and authenticity of communications, without encrypting the actual data?
- Both parties calculate an authenticated MD5 hash value of the data accompanying the message—one party uses the private key, while the other party uses the public key.
- Both parties to the communication use the same secret key to produce a message authentication code to accompany the message.
- Both parties calculate a CRC32 of the data before and after transmission of the message.
- Both parties obfuscate the data with XOR and a known key before and after transmission of the message.
Explanation & Hint:
The method that allows you to verify entity authentication, data integrity, and authenticity of communications, without encrypting the actual data is:
Using a MAC involves creating a short piece of information, known as the MAC itself, which is sent alongside the data. The MAC is computed from both the data and a secret key known only to the communicating parties. Upon receipt, the same computation is performed by the receiver, and if the MAC the receiver computes matches the one sent with the data, it verifies that the data has not been altered and confirms the authenticity of the communication. This method does not encrypt the data but provides a secure check to ensure data integrity and authentication. |