This week's book giveaway is in the Spring forum.
We're giving away four copies of Spring Boot in Practice and have Somnath Musib on-line!
See this thread for details.
Win a copy of Spring Boot in Practice this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

Message Integrity with Message Digest

 
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To maintain the integrity of a message I use MD5 Algorith and send a digest along with the message. If the intruder tampers with either digest or message , it would be detectable. But what if the intruder tampers with both of them.. say he generates a message and its digest of his own.
May be my question is trivial but i do not understand.
 
best scout
Posts: 1294
Scala IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Moha,

as you have noticed correctly it is indeed a security problem if an intruder is able to manipulate a message and generate his own hash for the message when using hash functions like MD5. You would verify the manipulated message against the digest which would be manipulated, too, and you wouldn't even notice that the message was tampered with.

The simple answer to solve this problem is, that you have to prevent that this can happen :-) How you can avoid it practically depends very much on what you're doing. Is a network involved? Who or what uses the digest to verify messages? How do the message and the digest get to the other communication partner/computer if there is one? Do you only want to protect local data? This a real complex and difficult topic and depending on your needs sometimes a "simple" hash function like MD5 just won't be enough to protect your data sufficiently. For this there's unfortunately no general answer how to make something more secure with digests.

Perhaps you may give some more information about what you're trying to do if this answer didn't satisfy you?!?


Marco
 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why don't you sign both the digest and the message, so when it is recieved on the other side, a verification step should take place using the public key!
 
Moha Shaf
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Marco and Mousa.
I understand that a solution is not possible without signing possibly by a CA to be foolproof.
 
Mouza Ali
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You know you can be your own CA for testing purposes.
 
Marco Ehrentreich
best scout
Posts: 1294
Scala IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Alternatively you could use asymmetric public key cryptography like GPG if you have control over "both ends" of your communication channel. Or you could use a symmetric key to completely encrypt your messages so depending on the data you would be able to detect manipulations as well as protect your data even from being readable by others!

Marco

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic