Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Encryption
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Integrity protection of Ciphertexts === Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a [[message authentication code]] (MAC) or a [[digital signature]] usually done by a [[Hash function|hashing algorithm]] or a [[Pretty Good Privacy|PGP signature]]. [[Authenticated encryption]] algorithms are designed to provide both encryption and integrity protection together. Standards for [[cryptographic software]] and [[Hardware encryption|hardware to perform encryption]] are widely available, but successfully using encryption to ensure security may be a challenging problem. A single error in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See for example [[traffic analysis]], [[Tempest (codename)|TEMPEST]], or [[Trojan horse (computing)|Trojan horse]].<ref>{{cite web|url=https://usa.kaspersky.com/internet-security-center/threats/trojans#.VV3oaWDTvfY|title=What is a Trojan Virus β Malware Protection β Kaspersky Lab US|date=3 October 2023 }}</ref> Integrity protection mechanisms such as [[message authentication code|MACs]] and [[digital signature]]s must be applied to the ciphertext when it is first created, typically on the same device used to compose the message, to protect a message [[End-to-end principle|end-to-end]] along its full transmission path; otherwise, any node between the sender and the encryption agent could potentially tamper with it. Encrypting at the time of creation is only secure if the encryption device itself has correct [[Key (cryptography)|keys]] and has not been tampered with. If an endpoint device has been configured to trust a [[root certificate]] that an attacker controls, for example, then the attacker can both inspect and tamper with encrypted data by performing a [[man-in-the-middle attack]] anywhere along the message's path. The common practice of [[Transport Layer Security#TLS interception|TLS interception]] by network operators represents a controlled and institutionally sanctioned form of such an attack, but countries have also attempted to employ such attacks as a form of control and censorship.<ref>{{cite news|url=https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html|title=Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully|first1=Mohit|last1=Kumar|date=July 2019|publisher=The Hacker News}}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Encryption
(section)
Add topic
