Quiz Entry - updated: 2026.07.14
What are the key differences between MAC (Type 2) and MDC (Type 3) hash functions?
MACs require a key and provide true integrity; MDCs are keyless and serve only as modification detection codes that need additional mechanisms (like signatures) for integrity.
| Property | MAC (Type 2) | MDC (Type 3) |
|---|---|---|
| Key required | Yes — must be in a security module | No — pure software |
| Provides integrity | Yes — real integrity (via shared secret) | No — only detects unintentional changes alone |
| Speed | Slower (CBC-MAC uses block cipher, which interfaces with security module) | Very fast — pure software hash |
| Finding two messages with same value | Difficult (key is secret) | Difficult (crypto-secure) |
| Role in signing | N/A | Proxy / representative of the message |
| Detects | Intentional modification (attacker without key) | Unintentional modification alone; needs signature for intentional |
Critical insight: An MDC by itself is just a "modification detection value" — an attacker can change the message and recompute the hash. Only when combined with a digital signature does the MDC provide protection against intentional tampering.
Go deeper:
Message authentication code (Wikipedia) — why a shared secret is what separates a MAC's real integrity from an MDC's mere change-detection.