Questions tagged [integrity]
Integrity is the property of preventing unauthorized modifications of an asset. In other words, integrity protects against the threat of tampering. It is one of the three key security properties of an asset, along with confidentiality and availability.
319 questions
0 votes
0 answers
39 views
Does chocolatey provide cryptographic authentication and integrity validation?
Does the chocolatey package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them? I usually trust my OS ...
- 1,196
0 votes
1 answer
30 views
Does cygwin provide cryptographic authentication and integrity validation?
Does the cygwin package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them? Fortunately, it's possible to ...
- 1,196
1 vote
2 answers
101 views
Does npm (Node.js package manager) provide cryptographic authentication and integrity validation?
Does the npm package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them? I see a lot of guides providing ...
- 1,196
0 votes
1 answer
156 views
Microcontroller integrity check using salted secure hash: Will this work?
We have a device that contains multiple CPUs with low power. The main CPU ... ... needs to check if the second CPU(s) contain(s) valid (authorized) software. ... has access to a copy of the correct (...
- 339
0 votes
1 answer
104 views
How do I ensure that a file remains as I expect it to on my webserver?
I am playing around with Codeigniter (not really important, but just for sake of completeness) and I try different things. Do not ask for real word application, it is just for fun and also to learn. ...
0 votes
0 answers
80 views
How are checksums validated automatically in a system [duplicate]
Let's take an over-the-air update procedure for example. The client which needs updating downloads an update image from the source. It then performs some checksum calculation initially on the received ...
- 309
1 vote
0 answers
160 views
Is it necessary to encrypt an eMMC that's soldered to the board?
Say you have a machine where the disk (eMMC) is non-removable like the Surface Go. If the UEFI configuration is protected with a long password, USB + network boot is disabled, and your user has a long ...
- 131
1 vote
1 answer
76 views
Does PHP's Composer provide cryptographic authentication and integrity validation?
Does PHP's Composer package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them? I see a lot of guides ...
- 1,196
3 votes
1 answer
805 views
Is there a way to guarantee that a static HTTP page is unchanged from when it was last reviewed
I'm making a simple web service that (skipping other details) allows a user to upload a message that can be retrieved by another user but can be decrypted only with a certain key. The message is ...
- 35
3 votes
2 answers
173 views
How does Bob trust that X is a physical fingerprint of Alice?
Alice stated to Bob that X is her physical fingerprint. Problem: How to make Bob trust that X is really a physical fingerprint of Alice? How to prevent Alice from creating multiple identities (let's ...
10 votes
4 answers
3k views
How to receive large files guaranteeing authenticity, integrity and sending time
I need to receive some important documents from another person. It may be important to be able to prove (in justice) which files exactly I received from that person at a specific moment. My first ...
- 201
0 votes
0 answers
15 views
What is the point of a gpg file alongside the hash of a Linux ISO download? [duplicate]
I use linux and tend to distro hop a lot. I've noticed often that the distributions offer that you verify the download with a sha256sum hash and a GPG key. My understanding is that a file, e.g. a ...
- 21
1 vote
1 answer
182 views
Why does IPsec has a "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?
IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can't track it, so we have to make a choice: do we risk and accept it, or do we drop it? ...
- 537
0 votes
1 answer
125 views
Is there a difference between data origin authentication and sender authentication?
Here the author writes "sender authentication". Does he mean data origin authentication? Or is sender authentication something different? Wikipedia says that "data origin authentication ...
- 537
2 votes
0 answers
119 views
Why is IPsec transport mode "vulnerable" for not having integrity of variable fields? Why is this so important?
With IPsec transport mode we CAN'T have integrity of variable fields (eg TTL and checksum). Why is it a problem? Is it? What could be the attack? I think TTL expire or checksum modification (so both ...
- 537