Collaborate Disseminate
Does PHP’s Composer package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing installation instructions with st… Continue reading Does PHP’s Composer provide cryptographic authentication and integrity validation?
I’m making a simple web service that (skipping other details) allows a user to upload a message that can be retrieved by another user but can be decrypted only with a certain key. The message is encrypted and decrypted on the client side a… Continue reading Is there a way to guarantee that a static HTTP page is unchanged from when it was last reviewed
Alice stated to Bob that X is her physical fingerprint.
Problem:
How to make Bob trust that X is really a physical fingerprint of Alice?
How to prevent Alice from creating multiple identities (let’s assume she has only one physical finger… Continue reading How does Bob trust that X is a physical fingerprint of Alice?
Alice stated to Bob that X is her physical fingerprint.
Problem:
How to make Bob trust that X is really a physical fingerprint of Alice?
How to prevent Alice from creating multiple identities (let’s assume she has only one physical finger… Continue reading How does Bob trust that X is a physical fingerprint of Alice?
I would think all it has to do is read the file, compute an SHA 256 in fast AES hardware, and compare it to a known correct value from a table that was itself hashed for validation.
But it seems to take forever. How come? Are they sending … Continue reading Why does Windows SFC /scannow take so long to run? [migrated]
I need to receive some important documents from another person. It may be important to be able to prove (in justice) which files exactly I received from that person at a specific moment.
My first guess was to ask the person to send me the … Continue reading How to receive large files guaranteeing authenticity, integrity and sending time
I use linux and tend to distro hop a lot. I’ve noticed often that the distributions offer that you verify the download with a sha256sum hash and a GPG key.
My understanding is that a file, e.g. a linux .iso file will have an (almost) uniqu… Continue reading What is the point of a gpg file alongside the hash of a Linux ISO download? [duplicate]
There is an argument that if the Proof-of-Work (PoW) mechanism is removed from the Bitcoin network or if the puzzle does not have a sufficient level of difficulty proportional to the computing power of the network, the chaining of transact… Continue reading Is PoW an indispensable component in blockchain? [closed]
IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can’t track it, so we have to make a choice: do we risk and accept it, or do we drop it?
If we drop all these outside-window pa… Continue reading Why does IPsec has a "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?
Here the author writes "sender authentication". Does he mean data origin authentication? Or is sender authentication something different?
Wikipedia says that "data origin authentication (or message authentication) is a pro… Continue reading Is there a difference between data origin authentication and sender authentication?