by bwackwat 3424 days ago
Ok so I guess the resulting lesson from Canada for me is that having a HASH or MAC for encrypted files is the most critical part of any secure system OP is interested in.

Furthermore, Canada, what about privately managed machines communicating via TCP and AES 256 CBC symmetrically encrypted messages? I also use a random salt and a transaction number.

Until now, I was thinking that successfully decrypted data would be safe. Is the case for TCP encrypted data the same? I need to have a MAC for each message and verify that between ACKs or something?

EDIT: Did some research: https://en.wikipedia.org/wiki/Authenticated_encryption

It looks like incorporating a MAC within or alongside the encrypted data is not as insecure or as complex as I was afraid.

Can both my TCP encryption and OP's file encryption problem be solved by just appending a HASH of the encrypted data to the end of the encrypted data (EtM), or appending a HASH of the plaintext data to the end of the plaintext data and then encrypting that (MtE)?

1 comments

I think EtM is better than the alternatives. As for the rest of it, you need to explicitly describe your protocol and what security you think it guarantees. Then you should ask for review wherever you can. Same for your implementation.
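
Added example, not part of the thread: a sketch of the Encrypt-then-MAC framing discussed above, with a keyed HMAC-SHA256 tag over the transaction number, IV and ciphertext that is checked before anything is decrypted, next to the unkeyed-hash variant, which anyone can recompute for altered data. The frame layout, function names and sample values are assumptions; the ciphertext is treated as opaque AES-256-CBC output and the MAC key is assumed to be independent of the AES key.

```python
import hashlib
import hmac
import struct

TAG_LEN, IV_LEN, SEQ_LEN = 32, 16, 8  # HMAC-SHA256 tag, AES-CBC IV, 64-bit counter

def seal(mac_key, seq, iv, ciphertext):
    """Frame = seq || iv || ciphertext || HMAC-SHA256(mac_key, seq || iv || ciphertext)."""
    body = struct.pack(">Q", seq) + iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_frame(mac_key, expected_seq, frame):
    """Check the tag, then the transaction number; only then hand back (iv, ciphertext)."""
    if len(frame) < SEQ_LEN + IV_LEN + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected_tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):  # constant-time comparison
        raise ValueError("bad MAC")
    (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
    if seq != expected_seq:  # a replayed frame has a valid tag but a stale number
        raise ValueError("unexpected transaction number")
    return body[SEQ_LEN:SEQ_LEN + IV_LEN], body[SEQ_LEN + IV_LEN:]

def seal_with_plain_hash(seq, iv, ciphertext):
    """Unkeyed variant: SHA-256 of the body appended instead of a MAC."""
    body = struct.pack(">Q", seq) + iv + ciphertext
    return body + hashlib.sha256(body).digest()

def plain_hash_accepts(frame):
    body, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(digest, hashlib.sha256(body).digest())

def rejected(mac_key, expected_seq, frame):
    """Return the rejection reason, or None if the frame is accepted."""
    try:
        open_frame(mac_key, expected_seq, frame)
        return None
    except ValueError as exc:
        return str(exc)

# Constructed sample values (not from the thread).
MAC_KEY = bytes(range(32))                    # assumed independent of the AES key
IV = bytes(16)
CT = bytes.fromhex("aa" * 32)                 # stands in for two AES-CBC blocks
ALTERED_CT = bytes.fromhex("ab" + "aa" * 31)  # same data with one bit changed

if __name__ == "__main__":
    frame = seal(MAC_KEY, 7, IV, CT)
    print(rejected(MAC_KEY, 7, frame), rejected(MAC_KEY, 8, frame))
    print(plain_hash_accepts(seal_with_plain_hash(7, IV, ALTERED_CT)))
```

The receiver calls `open_frame` with the transaction number it expects next and passes the returned IV and ciphertext to its AES-CBC decryption only when no exception is raised.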