What is the point of a gpg file alongside the hash of a Linux ISO download? [duplicate]

I use Linux and tend to distro hop a lot. I’ve often noticed that the distributions offer that you verify the download with a sha256sum hash and a GPG key.
My understanding is that a file, e.g. a Linux .iso file will have an (almost) uniqu…

Why does IPsec have "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?

IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can’t track it, so we have to make a choice: do we risk and accept it, or do we drop it?
If we drop all these outside-window pa…

Why is IPsec transport mode "vulnerable" for not having integrity of variable fields? Why is this so important?

With IPsec transport mode we CAN’T have integrity of variable fields (e.g. TTL and checksum).
Why is it a problem? Is it? What could be the attack?
I think TTL expire or checksum modification (so both DoS), but I mean, if an attacker can mod…

What attacks can be performed by changing the header of an IP packet if I apply only ESPv2 of IPsec (so not providing integrity for the IP header)

For ESPv2 I’m referring to this: https://datatracker.ietf.org/doc/html/rfc2406 so the version which supports of course confidentiality, but also authentication ONLY FOR THE PAYLOAD, NOT of the IP header.
My professor warns against using ES…

How to verify the integrity of all binaries of packages installed manually via installers and dpkg on Debian/Linux?

How could one verify the integrity of all binaries of packages installed manually via installers and dpkg on Debian/Linux?
So far the only thing I could think of is this:

verify that which veracrypt returns /usr/bin/veracrypt

verify that…

Does GUIX provide cryptographic authentication and integrity validation?

Does the GNU GUIX package manager require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verified because the repo’s man…

What attacks can be performed by changing header of IP packet if I apply only ESPv2 (so confidentiality and integrity of payload (no header integrity))?

What attacks can occur by altering the IP packet header with only ESPv2 (so having ONLY payload confidentiality&integrity but NOT integrity)?
My professor warns against using ESPv2 without header integrity due to potential header manip…