posted 13 years ago
Hi Moha,
As you have correctly noticed, it is indeed a security problem if an intruder is able to manipulate a message and generate his own hash for the message when using hash functions like MD5. You would verify the manipulated message against the digest, which would be manipulated too, and you wouldn't even notice that the message was tampered with.
The simple answer to this problem is that you have to prevent this from happening :-) How you can avoid it in practice depends very much on what you're doing. Is a network involved? Who or what uses the digest to verify messages? How do the message and the digest get to the other communication partner/computer, if there is one? Do you only want to protect local data? This is a really complex and difficult topic, and depending on your needs, sometimes a "simple" hash function like MD5 just won't be enough to protect your data sufficiently. Unfortunately, there is no general answer for how to make something more secure with digests.
Perhaps you may give some more information about what you're trying to do if this answer didn't satisfy you?!?
Marco
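The situation described in the reply above, seen from the receiver's side, as an added example that is not part of the original post. HMAC-SHA256 with a key shared out of band is an assumption introduced here as one possible countermeasure (the post names no specific fix); the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data; the key is assumed to be shared out of band.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"transfer 100 EUR to account 12345"
FORGED = b"transfer 9000 EUR to account 99999"


def md5_digest(message: bytes) -> str:
    """Unkeyed digest: anyone who can read the message can compute it."""
    return hashlib.md5(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed tag: computing a valid one requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_md5(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(md5_digest(message), digest)


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)


def receive_after_tampering() -> dict:
    """Receiver-side checks when message and check value were both replaced in transit."""
    # Without the shared key, the replaced check value can only be an unkeyed
    # digest or a tag computed under some other key.
    replaced_digest = md5_digest(FORGED)
    replaced_tag = hmac_tag(b"not-the-shared-key", FORGED)
    return {
        "md5_accepts_forgery": verify_md5(FORGED, replaced_digest),
        "hmac_accepts_forgery": verify_hmac(SHARED_KEY, FORGED, replaced_tag),
        "hmac_accepts_original": verify_hmac(
            SHARED_KEY, ORIGINAL, hmac_tag(SHARED_KEY, ORIGINAL)),
    }


if __name__ == "__main__":
    for check, result in receive_after_tampering().items():
        print(f"{check}: {result}")
```

The keyed check only helps if the key itself reaches the other side over a channel the intruder cannot read or modify, which is the "how do the message and the digest get to the other partner" question from the reply.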