Questions tagged [integrity]
Integrity is the property of preventing unauthorized modifications of an asset. In other words, integrity protects against the threat of tampering. It is one of the three key security properties of an asset, along with confidentiality and availability.
313
questions
8
votes
4
answers
3k
views
How to receive large files guaranteeing authenticity, integrity and sending time
I need to receive some important documents from another person. It may be important to be able to prove (in justice) which files exactly I received from that person at a specific moment.
My first ...
0
votes
0
answers
9
views
What is the point of a gpg file alongside the hash of a Linux ISO download? [duplicate]
I use linux and tend to distro hop a lot. I've noticed often that the distributions offer that you verify the download with a sha256sum hash and a GPG key.
My understanding is that a file, e.g. a ...
1
vote
1
answer
90
views
Why does IPsec has a "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?
IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can't track it, so we have to make a choice: do we risk and accept it, or do we drop it?
...
0
votes
1
answer
37
views
Is there a difference between data origin authentication and sender authentication?
Here the author writes "sender authentication". Does he mean data origin authentication? Or is sender authentication something different?
Wikipedia says that "data origin authentication ...
2
votes
0
answers
77
views
Why is IPsec transport mode "vulnerable" for not having integrity of variable fields? Why is this so important?
With IPsec transport mode we CAN'T have integrity of variable fields (eg TTL and checksum).
Why is it a problem? Is it? What could be the attack?
I think TTL expire or checksum modification (so both ...
0
votes
0
answers
44
views
What attacks can be performed by changing header of IP packet if I apply only ESPv2 of IPsec(so not providing intergrity for the IP header)
For ESPv2 I'm referring to this: https://datatracker.ietf.org/doc/html/rfc2406 so the version which supports of course confidentiality, but also authentication ONLY FOR THE PAYLOAD, NOT of the IP ...
0
votes
0
answers
97
views
How to verify the integrity of all binaries of packages installed manually via installers and dpkg on Debian/Linux?
How could one verify the integrity of all binaries of packages installed manually via installers and dpkg on Debian/Linux?
So far the only thing I could think of is this:
verify that which veracrypt ...
0
votes
0
answers
42
views
Does GUIX provide cryptographic authentication and integrity validation?
Does the GNU GUIX package manager in require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be ...
0
votes
0
answers
57
views
How to securely store signature file
I am using TPM to to encrypt and sign my data. But since I am not security expert, I need to come to you guys :D
I am developing this app to verify file content. I already has this part sorted out ...
1
vote
1
answer
140
views
What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?
ESP in IPsec v2 only provides integrity of the payload, not of the header. So my question is about that. The possible dangers in not having integrity of header, while having ESP active for payload.
...
0
votes
1
answer
117
views
How is the authenticity and integrity of the various chips inside laptops and mobile phones ensured by their vendors?
Modern laptops and mobile phone platforms are built around a main, beefy SoC, which generally supports Secure Boot for its firmware and also has a unique hardware identity that is used to attest to a ...
0
votes
0
answers
57
views
Does Node.js's npm provide cryptographic authentication and integrity validation?
Does Node.js's npm package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides ...
2
votes
1
answer
114
views
is it possible to checksum a set of R scripts to ensure code integrity?
This question was inspired to a degree by How secure is R and RStudio?
It had a very reasonable answer and looking at the possibilities I thought a small system of R scripts (about 10 scripts) would ...
0
votes
0
answers
81
views
Security implication of loading untrusted private keys
The FIPS draft for Dilithium signature scheme (official name ML-DSA) had just been released not long ago. In the specification for skDecode (which is the subroutine that loads the private signing key) ...
0
votes
1
answer
175
views
WebAuthn does not guarantee public-key integrity other than trough attestation?
I've been reading about WebAuthn and try to write some code to exercise.
One thing I noticed is that the spec doesn't seem to provide any way to verify the correctness of the public-key being create()'...