Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [integrity]

In a cryptographic sense, integrity means unimpaired and complete.

In a cryptographic sense, integrity means unimpaired and complete. To give a practical example: a compromised cryptographic algorithm has lost part (or all) of it's integrity, making it "less safe" to use.

156 questions
11
votes
2 answers

Which MACs can be converted into a secure unkeyed hash function?

It is known that setting the secret key to a fixed, public value does not make MACs like CBC-MAC or GMAC into secure unkeyed cryptographic hash functions that could be used - for instance - for digital signatures. In other words, the resulting hash…
SquareRootOfTwentyThree
  • 1,755
  • 12
  • 17
11
votes
1 answer

The difference between MAC algorithms and what to use

I've been looking into message authentication codes and found several ways to create integrity for a message. I know of the following algorithms: HMAC, this can use any cryptograhpic hash function and a key, for a HMAC to be secure the underlying…
Vincent
  • 976
  • 2
  • 12
  • 30
9
votes
1 answer

Practical uses of Manipulation Detection Code (MDC) and IGE

I've just skimmed over most of the paper "On Message Integrity in Symmetric Encryption". I've included (the last) part of the abstract below: We show that generic compositions of confidentiality-secure encryption schemes with Manipulation…
Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
9
votes
1 answer

TLS 1.2 Cipher Suites With AES-GCM – What data (if any) is passed to the AES-GCM cipher as the Additional Authentication Data?

TLS 1.2 defines a number of cipher suites that employ AES-GCM, e.g.: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384…
weaver
  • 193
  • 1
  • 3
9
votes
2 answers

How to verify the integrity of RSA encrypted messages?

I need to encrypt messages using PublicKeyCrypto and send it to the server, where the message should be decrypted. I'm aware of the Padding Oracle Attack and want to apply a server side integrity check of the incoming cipher messages. In AES there…
My-Name-Is
  • 234
  • 1
  • 2
  • 7
8
votes
3 answers

How to forge a Shamir secret share?

On this website, we have a lot of questions and answers devoted to Shamir secret sharing. We make it clear that Shamir secret sharing does not guarantee integrity. When we want integrity, we need to use a verifiable threshold scheme. But it is never…
dusk
  • 1,185
  • 10
  • 27
8
votes
2 answers

Should the identity of a sender be verified using additional means, or does a MAC suffice?

This question is aiming at clarification related to message authentication codes (MACs). Wikipedia’s Message Authentication Code article states: In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of…
Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
8
votes
3 answers

Definition of authenticity

I came across various definitions of what authenticity means in cryptography. I would like to know which one is correct. The first definition - the one I always used - is the following: Data authenticity means that the initial message sender is who…
Othman
  • 201
  • 2
  • 4
8
votes
2 answers

Does data authenticity always, implicitly, provide data integrity?

Does a scheme which provides data authenticity (e.g. HMAC or RSA signature) always implicitly provide integrity? It seems, to me at least, that it must by necessity. However, I have seen cryptographers reference MAC, MIC, and MAIC as separate terms.…
Polynomial
  • 3,577
  • 4
  • 30
  • 45
7
votes
1 answer

CBC-MAC , fixed length, all blocks returned

CBC-MAC, with fixed length message. Is it safe to return all ciphered blocks instead of the last? My intuition says it is less secure, since is gives an attacker more information. But how could one attack this scheme?
danieltorres
  • 415
  • 4
  • 6
7
votes
2 answers

Integrity with anti-confidentiality

The Republic of Brutopia are updating the design of their library cards with a new security feature: a 2D barcode containing a cryptographically signed copy of the human-readable fields on the card. This will allow anyone to verify that a card is…
hmakholm left over Monica
  • 560
  • 4
  • 10
7
votes
4 answers

HMAC with public-private key

I need a way to protect my data. More then encryption I need a way to guarantee integrity and authenticity but I also need to be the only one that can understand integrity and authenticity. I found HMAC to be a good way for integrity and…
nkint
  • 167
  • 1
  • 1
  • 5
7
votes
2 answers

We can obtain "absolutely perfect CONFIDENTIALITY" using the one-time pad. Is there such a thing as "absolutely perfect INTEGRITY"?

The OTP (one-time pad) gives us perfect secrecy. This is the very best confidentiality available in this universe. (Although it does require large keys, which is beside the point of this question). The problem is such encryption does not attain…
code-ninja-54321
  • 171
  • 1
7
votes
5 answers

How can you prove that a certain file was downloaded from a certain website?

Let's say you downloaded a file from a certain website, and later the website claims that it didn't made that file available, is there any way to prove that the website is lying? Example 1: You download a youtube video and the channel later delete…
TimestampQuestion
  • 71
  • 1
  • 2
6
votes
1 answer

OpenSSL FIPS integrity check

As far as I know, FIPS requires a set of self tests (POST) to verify the cryptographic algorithms permitted and the integrity of the module. These tests are performed at run-time, so OpenSSL does a HMAC-SHA1 of the code loaded in memory and compares…
Guille
  • 63
  • 3
1
2 3
10 11