If I have a packet of data that is encrypted, the SH-224 checksum has not been included yet Is not a security vulnerability that is not encrypted?
Or maybe checksum should be prepared after encryption? In principle, if checksum is counted on plain text, then it is about encrypted data.
Is giving more information and therefore reducing security. If it is calculated on the cipher, it does not matter whether it is encrypted or not.
In the implant, the rainbow table can be attacked. If you need to find out whether the password is correct (i.e. checksum mismatch = wrong password), if you need an encrypted checksum, make sure that you include salt. Otherwise, calculate it on cipher or, if you count it on plain text, add it to the original data and encrypt everything.
EDIT: You do not need a large checksum, I was thinking the block size of the encryption algorithm ...
Comments
Post a Comment