Category Archives: confidentiality

What attacks can be performed by changing header of IP packet if I apply only ESPv2 of IPsec(so not providing intergrity for the IP header)

Posted on by

For ESPv2 I’m referring to this: https://datatracker.ietf.org/doc/html/rfc2406 so the version which supports of course confidentiality, but also authentication ONLY FOR THE PAYLOAD, NOT of the IP header.
My professor warns against using ES… Continue reading What attacks can be performed by changing header of IP packet if I apply only ESPv2 of IPsec(so not providing intergrity for the IP header)

What attacks can be performed by changing header of IP packet if I apply only ESPv2(so confidentiality and integrity of payload(no header integrity))?

Posted on by

What attacks can occur by altering the IP packet header with only ESPv2 (so having ONLY payload confidentiality&integrity but NOT integrity)?
My professor warns against using ESPv2 without header integrity due to potential header manip… Continue reading What attacks can be performed by changing header of IP packet if I apply only ESPv2(so confidentiality and integrity of payload(no header integrity))?

What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?

Posted on by

ESP in IPsec v2 only provides integrity of the payload, not of the header. So my question is about that. The possible dangers in not having integrity of header, while having ESP active for payload.
What are the potential risks if an attack… Continue reading What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?

Confidentiality of data coming from a country with data protection laws stored in a country with different laws [closed]

Posted on by

I send very confidential items by email, such as photos, addresses, social security numbers, bank numbers, driving card numbers, and diplomas.
Everything was supposed to stay in France.
In fact, it’s an Amazon server in the USA, so no conf… Continue reading Confidentiality of data coming from a country with data protection laws stored in a country with different laws [closed]

Public client or Confidential client: should I generate a client secret?

Posted on by

I’ve read about this but I don’t fully understand how to choose.
I have two options:
Public client

"A native, browser or mobile-device app. Cognito API requests are made from user systems that are not trusted with a client secret.&qu… Continue reading Public client or Confidential client: should I generate a client secret?

Reasons for both First Encrypt then Sign and First sign then Encrypt on which is better specific reasons? [closed]

Posted on by

When we want to send a message from A to B with confidentiality and non repudiation. I want answer and reasons for both the technique
1)
Why First Encrypt then sign is better ?
2)
Why First sign then Encrypt I’d better than 1)

Continue reading Reasons for both First Encrypt then Sign and First sign then Encrypt on which is better specific reasons? [closed]

Why don’t basically all "clusters" and similar distributed systems use Shamir’s secret sharing method? [migrated]

Posted on by

When I came to the topic of Ansible (Vault), when deploying secrets in Ansible and other passwords up to 128 characters Shamir’s Secret Sharing would be an ideal solution I think:

The secret is never in one spot
The secret can be encrypte… Continue reading Why don’t basically all "clusters" and similar distributed systems use Shamir’s secret sharing method? [migrated]