SHA-256 is a cryptographic hash function, and CEH v13 clearly states that hash functions alone provide data integrity, but not authenticity or non-repudiation. If attackers can modify data and recompute the hash, integrity checks will still pass.
The issue arises because SHA-256 does not prove who created or modified the data. To address this weakness, CEH v13 recommends using digital signatures, which combine hashing with asymmetric cryptography. A digital signature ensures:
Integrity (data has not changed)
Authentication (data was signed by a known entity)
Non-repudiation (the signer cannot deny the action)
Digital signatures work by hashing the data and encrypting the hash with the sender’s private key. Any modification to the data invalidates the signature.
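The difference between a bare SHA-256 check and a signed hash, shown as an added example that is not part of the original explanation. It uses textbook RSA without padding and a constructed, trivially factorable demo key so that it runs on the Python standard library alone; the record contents and function names are assumptions, and production systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key: two Mersenne primes, so it is trivially factorable.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held only by the signer


def digest(data: bytes) -> int:
    """SHA-256 of the data as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Signer: hash the data, then apply the private key to the hash."""
    return pow(digest(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Verifier: recover the signed hash with the public key and compare."""
    return pow(signature, E, N) == digest(data)


def hash_only_check(data: bytes, stored_hash: str) -> bool:
    """Integrity check that relies on a SHA-256 value stored next to the data."""
    return hashlib.sha256(data).hexdigest() == stored_hash


def demo() -> dict:
    original = b"amount=100;payee=alice"     # constructed sample record
    stored_hash = hashlib.sha256(original).hexdigest()
    signature = sign(original)

    # Someone with write access alters the record and refreshes the stored hash.
    tampered = b"amount=900;payee=alice"
    refreshed_hash = hashlib.sha256(tampered).hexdigest()

    return {
        "hash_accepts_original": hash_only_check(original, stored_hash),
        "hash_accepts_tampered": hash_only_check(tampered, refreshed_hash),
        "sig_accepts_original": verify(original, signature),
        "sig_accepts_tampered": verify(tampered, signature),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The hash-only check accepts the altered record because the stored hash was recomputed with it, while the signature check rejects it because producing a matching signature requires the private exponent.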
Encryption alone (Options A and C) protects confidentiality, not integrity or authenticity. SSL/TLS (Option B) secures data in transit but does not protect stored data from tampering.
CEH v13 explicitly identifies digital signatures as the correct cryptographic control when integrity mechanisms alone are insufficient. Therefore, Option D is correct.