Rank simple checksum, hash, MAC, and digital signature by what security properties each one provides.
Each step up the ladder adds one guarantee: checksum→errors, hash→integrity, MAC→authenticity, signature→non-repudiation.
| Mechanism | Error detection | Integrity | Authenticity | Non-repudiation |
|---|---|---|---|---|
| Simple checksum | ✔ | |||
| Hash value | ✔ | ✔ | ||
| Message Authentication Code | ✔ | ✔ | ✔ | |
| Digital signature | ✔ | ✔ | ✔ | ✔ |
The dividing line — "malicious actor": the checksum and bare hash only survive accidental errors; a MAC and a digital signature survive a deliberate attacker, because they fold in a key the attacker doesn't possess (shared key for MAC, private key for signature).
Why the ladder is cumulative: each mechanism contains the one above it — a MAC is a hash with a key; a signature is a hash encrypted with a private key. So each new property is added without losing the previous ones.
Tip: Memorize the four columns left-to-right: Error → Integrity → Authenticity → Non-repudiation. Only the digital signature ticks all four.