Most CISA candidates struggle with questions related to information asset protection. I have prepared a question below that will help you understand this concept.
Ransom’s Question on 12/03/2017 – Information Asset Protection
Why do digital signatures contain a message digest?
A – to enable the message to be sent and received in a digital format.
B – to define the encryption algorithm.
C – to show whether the message has been altered during transmission.
D – to identify and authenticate the originator of the message.
Let us apply the K-E-C approach in answering this question.
Please note that the K-E-C approach is as follows:
K = Keyword, phrase or stem of the question
E = Eliminate two incorrect options
C = Choose the best answer for the remaining two options, linking the answer to the Key or K.
So let us approach this question.
K = Key – The key phrase here is “message digest”. The question is asking us for the purpose of a message digest in digital signatures. In order to attempt this question, we need to understand what a message digest really is and what it tries to achieve.
A message digest is the fixed-length output of a cryptographic one-way hash function (SHA-256, for example) applied to a message. It is one-way because the original message cannot be recovered from the digest, and it is designed to protect the integrity of a piece of data or media: changing any part of the message, even a single bit, produces a different digest, so alterations can be detected.
To put it in plain words, a digest is the same as a hash of a message, and in CISA terms it plays the role of a hash total. Its primary purpose in cryptography is to let the recipient confirm that the message has not been tampered with and has been delivered in its entirety. See an illustration below:
E = Eliminate two options – If we go through the options above, we can easily eliminate answers A and B. Option A says the message digest enables the message to be sent and received in digital format. Sending a message digitally does not require hashing it at all; that is not the objective of a message digest. This response is thus incorrect.
Option B says a message digest defines the encryption algorithm. This is not the case. The hash of a message is used to check the integrity of the transmitted data; it does not choose or define any encryption algorithm.
C = Choose the correct answer that lines up with the KEY – We are thus left with options C and D to choose from. Option D says a message digest identifies and authenticates the originator of the message. This is the attractive distractor: a digital signature as a whole does authenticate the sender, but that property comes from encrypting the digest with the sender's private key, which only the sender holds. The digest itself carries no information about who produced it; anyone can compute the hash of a message. A hash total simply allows a message to be checked to ascertain whether it has been altered.
Option C says “to show whether the message has been altered during transmission”. This is the primary purpose of using a message digest in digital signatures and data transmissions. It is to ensure that the data transmitted has not been altered in any way or replaced. If a malicious individual changed the original data, the hash recomputed by the recipient will not agree with the digest the sender signed. Note that a digest on its own cannot stop an attacker who alters the message and recomputes the hash; that is why, in a digital signature, the digest is signed with the sender's private key and the recipient verifies it with the sender's public key before comparing it to the recomputed hash. The comparison is a detective control that picks up integrity breaches in data transmission.
The correct answer is thus C – “to show whether the message has been altered during transmission”. It agrees with the “key” to this question, which required us to identify the purpose of using a message digest in digital signatures.
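The following worked example is added here and is not part of the original question or its answer. It shows the two halves of a digital signature side by side: the message digest (SHA-256, detecting alteration, option C) and the private-key signature over that digest (identifying the originator, option D). The RSA used is textbook, unpadded RSA with a toy key size so that the arithmetic stays visible; it is a teaching illustration, not something to deploy. The sample messages are constructed for the example.

```python
"""Added example: message digest versus digital signature.

A SHA-256 digest detects any change to the message (the CISA answer, C).
Signing that digest with a private key is what authenticates the sender (D).
The RSA here is deliberately textbook (no padding, small keys): a teaching
toy that shows the mechanics, not production code.
"""
import hashlib
import secrets


def message_digest(message: bytes) -> bytes:
    """The 'message digest': a fixed-length, one-way hash of the message."""
    return hashlib.sha256(message).digest()


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (enough for a toy key)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness that n is composite
    return True


def _random_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 192, e: int = 65537):
    """Toy RSA key pair. n = p*q exceeds 2**256, so a SHA-256 digest fits as an integer."""
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:   # e is prime, so this is gcd(e, phi) == 1
            break
    d = pow(e, -1, phi)               # private exponent
    return (e, p * q), (d, p * q)     # (public key, private key)


def sign(message: bytes, private_key) -> int:
    """Digital signature: the digest, 'encrypted' with the signer's private key."""
    d, n = private_key
    digest = int.from_bytes(message_digest(message), "big")
    return pow(digest, d, n)          # only the private-key holder can compute this


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the signed digest with the public key and compare to a fresh hash."""
    e, n = public_key
    signed_digest = pow(signature, e, n)
    fresh_digest = int.from_bytes(message_digest(message), "big")
    return signed_digest == fresh_digest   # mismatch: altered message or wrong signer


def demo() -> dict:
    """Exercise the integrity check (C) and the origin check (D) separately."""
    public, private = generate_keypair()
    message = b"Transfer 100.00 to account 12345"    # constructed sample message
    tampered = b"Transfer 900.00 to account 12345"   # one character changed in transit
    signature = sign(message, private)
    _, impostor_private = generate_keypair()         # someone else's private key
    return {
        # the digest alone already differs once anything in the message changes
        "digest_changes_on_edit": message_digest(message) != message_digest(tampered),
        "original_verifies": verify(message, signature, public),
        "tampered_fails": verify(tampered, signature, public),
        # same message, correct digest, but signed by the wrong private key
        "impostor_fails": verify(message, sign(message, impostor_private), public),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The `tampered_fails` case is option C at work: the recipient recomputes the digest and it no longer matches the one the sender signed. The `impostor_fails` case is what option D describes, and it fails only because the verification uses the genuine sender's public key; the digest of the message is identical in both cases, which is exactly why the digest by itself cannot identify the originator.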