hash code generating algorithm.

[lavu]

I am trying to provide some security to text files, by adding a
signature
at the end of each text file.
this signature needs to be generated by some kind of
hashing algorithm. so while sending the file,
i will sign the text file and at the receiving end,
the text file will be checked to make sure
that the hash code matches.
( not that it matters for this but my environment is c++ in vs.net2003)
any ideas about what kind of hash algorithm i could use ?
thanks in advance.

 

[William DePalo [MVP VC++]]

I am trying to provide some security to text files, by adding a
signature
at the end of each text file.
this signature needs to be generated by some kind of
hashing algorithm. so while sending the file,
i will sign the text file and at the receiving end,
the text file will be checked to make sure
that the hash code matches.
( not that it matters for this but my environment is c++ in vs.net2003)
any ideas about what kind of hash algorithm i could use ?
thanks in advance.

Hashes and digital signatures are not the same. Loosely, a signature on a
message is string which is the value of the hash of a message encrypted with
the signer's private key.

So the first thing you need to do is to decide whether you want a signature
or a hash. Just by the way, signatures usually imply the presence of a whole
infrastructure with a trusted "certificate authority".

Popular hash algorithms go by the name of SHA-1 (secure hash #1) and MD5
(message digest #5). Google is your friend.

Cryptography is a huge and hard-to-grok topic. You might want to start
reading here:

http://msdn2.microsoft.com/en-us/library/aa382450.aspx

or here

http://www.eskimo.com/~weidai/cryptlib.html

Regards,
Will

 

[Ben Voigt]

Hashes and digital signatures are not the same. Loosely, a signature on a
message is string which is the value of the hash of a message encrypted
with the signer's private key.

So the first thing you need to do is to decide whether you want a
signature or a hash. Just by the way, signatures usually imply the
presence of a whole infrastructure with a trusted "certificate authority".

Popular hash algorithms go by the name of SHA-1 (secure hash #1) and MD5
(message digest #5). Google is your friend.

MD5 is considered to be broken... MD4 was broken and the same mathematical
features weaken MD5, making certain attacks feasible using modern computing
systems.

 

[William DePalo [MVP VC++]]

MD5 is considered to be broken... MD4 was broken and the same mathematical
features weaken MD5, making certain attacks feasible using modern
computing systems.

And for that matter so is SHA-1:

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

The devil, though, is in the details. Whether the "collision attack"
vulnerability in SHA-1 or a vulnerability in any other algorithm is
significant depends a lot on what one wants to do, the resources one wishes
to expend, and the resources of those who might want to crack one's
security.

Chances are that if someone is posting a question _here_ the security
provided by either MD-5 or SHA-1 (assuming the OP just needs a hash
function) would suffice.

Regards,
Will

 

[lavu]

Thanku for giving me something to begin with. Looks like I have a lot
of reading about hash code and digital signatures.
I was told to create an ecncrypted hash code that can be appended to
the file to be secured. Sounds simple but looks like I have quite some
ways to go. My journey begins now......

 

[Ben Voigt]

Thanku for giving me something to begin with. Looks like I have a lot
of reading about hash code and digital signatures.
I was told to create an ecncrypted hash code that can be appended to
the file to be secured. Sounds simple but looks like I have quite some
ways to go. My journey begins now......

Rather than searching for hash code or digital signature, try "message
authentication code".