Java Glossary : digest

Last updated 2004-06-28 by Roedy Green ©1996-2004 Canadian Mind Products

Java definitions: 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

You are here : home : Java Glossary : D words : digest.

digest

A complicated checksum that is difficult to fake. A message digest function is an algorithm which takes a variable-length message and produces a fixed-length hash, 128 bits for MD5, 160 bits for SHA-1. Given the hash, it is computationally all but impossible to find another message with that same hash; in fact one can't determine any usable information about a message from the hash, not even a single bit. The idea is if you compute a message digest, then if any bytes in the message change, the recomputed digest will change and you can detect the tampering when you recompute the hash. If there is no tampering, the digest will remain constant. With regular checksums, such as CRC or XOR, it is not all that difficult to tamper and fiddle the tampered message so that the checksum still comes out the same. e.g. a clever virus could insert itself in a checksummed file, and add gibberish to make the checksum come out the same as before so that a checksum verifier would be unable to detect its presence. A one-way hash function can be private or public, just like an encryption function. In other words, anyone can recompute it (public) or just the holder of the private key (private). With a private key scheme, anyone with the public key can verify the checksum is correct, even if they could not compute it from scratch.

A public one-way hash function can be used to speed up a public-key digital signature system. Rather than directly compute the signature of a long message which can take an inordinately long time, you compute the one-way hash of the message, and then digitally sign just the hash. The result can be verified with a public key, but created only with a private key. The receiver can verify the digest and hence be assured the file indeed came from you and that none of its bytes have been modified since you signed it. There are two common digest algorithms SHA-1 and MD5. Even though Jar files for signed Applets have a signed digest, oddly, Sun did not provide access to classes for computing them until Java 1.3 when it introduced the java.security.MessageDigest class.

If you want digests that others can't backwards guess to the original text, condition your original data with secret1 + data + secret2 where + represents concatenation. For a slightly fancier technique use HMAC described in RFC 2104.

MD-5 and SHA-1 are heavyweight digests. If you want to compute them quickly and are not concerned about cryptographic maliciousness, just random error, you can get away with much simpler digests such as:

• CRC16
• java.util.zip.CRC32
• java.util.zip.Adler32
• java.lang.Object.hashCode() % someLargePrime

For earlier versions of Java, Mitch Gallant has provided one. Mr. Tines has also provided one.

checksum ¤ digital signatures ¤ hashCode ¤ MD5 ¤ password ¤ SHA-1 ¤ Signed Applets

home	Canadian Mind Products
	mindprod.com IP:[24.87.56.253]
	Your IP:[80.134.30.163]
	You are visitor number 2273.
	Please send errors, omissions and suggestions
	to improve this page to Roedy Green.
	You can get a fresh copy of this page from:	or possibly from your local J: drive mirror:
	http://mindprod.com/jgloss/digest.html	J:\mindprod\jgloss\digest.html