LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

A plain hash value detects accidental corruption — so why does it fail against a malicious attacker like Mallroy sitting in the middle?

Because the hash isn't secret: Mallroy can swap the file AND recompute a matching hash, so Bob's check still passes.

The hash function is public. So a man-in-the-middle can:

  1. Intercept Alice's file + hash.
  2. Replace the file with a forged one.
  3. Compute the hash of the forged file and attach that.

Bob hashes what he receives, it matches the (fake) hash, and he's fooled. A bare hash protects against noise and accidents, never against an adversary who controls the channel.

The fix: mix in something the attacker doesn't have — a secret key (→ MAC) or a private key (→ digital signature). That's the whole reason MACs and signatures exist.

Tip: Hash alone = integrity vs. errors. Add a secret = integrity vs. attackers.

From Quiz: ISF / Integrity & Content Authenticity (C2PA) | Updated: May 31, 2026