Questions tagged [integrity]
Integrity is the property of preventing unauthorized modifications of an asset. In other words, integrity protects against the threat of tampering. It is one of the three key security properties of an asset, along with confidentiality and availability.
315 questions
0votes
0answers
45views
How are checksums validated automatically in a system [duplicate]
Let's take an over-the-air update procedure for example. The client which needs updating downloads an update image from the source. It then performs some checksum calculation initially on the received ...
- 297
1vote
0answers
64views
Is it necessary to encrypt an eMMC that's soldered to the board?
Say you have a machine where the disk (eMMC) is non-removable like the Surface Go. If the UEFI configuration is protected with a long password, USB + network boot is disabled, and your user has a long ...
- 121
1vote
1answer
34views
Does PHP's Composer provide cryptographic authentication and integrity validation?
Does PHP's Composer package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them? I see a lot of guides ...
- 1,146
3votes
1answer
753views
Is there a way to guarantee that a static HTTP page is unchanged from when it was last reviewed
I'm making a simple web service that (skipping other details) allows a user to upload a message that can be retrieved by another user but can be decrypted only with a certain key. The message is ...
3votes
2answers
130views
How does Bob trust that X is a physical fingerprint of Alice?
Alice stated to Bob that X is her physical fingerprint. Problem: How to make Bob trust that X is really a physical fingerprint of Alice? How to prevent Alice from creating multiple identities (let's ...
9votes
4answers
3kviews
How to receive large files guaranteeing authenticity, integrity and sending time
I need to receive some important documents from another person. It may be important to be able to prove (in justice) which files exactly I received from that person at a specific moment. My first ...
- 191
0votes
0answers
10views
What is the point of a gpg file alongside the hash of a Linux ISO download? [duplicate]
I use linux and tend to distro hop a lot. I've noticed often that the distributions offer that you verify the download with a sha256sum hash and a GPG key. My understanding is that a file, e.g. a ...
- 21
1vote
1answer
137views
Why does IPsec has a "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?
IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can't track it, so we have to make a choice: do we risk and accept it, or do we drop it? ...
- 325
0votes
1answer
76views
Is there a difference between data origin authentication and sender authentication?
Here the author writes "sender authentication". Does he mean data origin authentication? Or is sender authentication something different? Wikipedia says that "data origin authentication ...
- 325
2votes
0answers
96views
Why is IPsec transport mode "vulnerable" for not having integrity of variable fields? Why is this so important?
With IPsec transport mode we CAN'T have integrity of variable fields (eg TTL and checksum). Why is it a problem? Is it? What could be the attack? I think TTL expire or checksum modification (so both ...
- 325
0votes
0answers
54views
What attacks can be performed by changing header of IP packet if I apply only ESPv2 of IPsec(so not providing intergrity for the IP header)
For ESPv2 I'm referring to this: https://datatracker.ietf.org/doc/html/rfc2406 so the version which supports of course confidentiality, but also authentication ONLY FOR THE PAYLOAD, NOT of the IP ...
- 325
0votes
0answers
272views
How to verify the integrity of all binaries of packages installed manually via installers and dpkg on Debian/Linux?
How could one verify the integrity of all binaries of packages installed manually via installers and dpkg on Debian/Linux? So far the only thing I could think of is this: verify that which veracrypt ...
- 393
0votes
0answers
96views
How to securely store signature file
I am using TPM to to encrypt and sign my data. But since I am not security expert, I need to come to you guys :D I am developing this app to verify file content. I already has this part sorted out ...
1vote
1answer
181views
What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?
ESP in IPsec v2 only provides integrity of the payload, not of the header. So my question is about that. The possible dangers in not having integrity of header, while having ESP active for payload. ...
- 137
0votes
1answer
171views
How is the authenticity and integrity of the various chips inside laptops and mobile phones ensured by their vendors?
Modern laptops and mobile phone platforms are built around a main, beefy SoC, which generally supports Secure Boot for its firmware and also has a unique hardware identity that is used to attest to a ...
- 66
