I need to transport multiple very large files over an unstable and untrusted network, and the file contents are outputted as a data stream. I wanted to use OpenSSL for streaming authenticated encryption, but they purposefully don’t support that and are preachy about it.

Well, it turns out that XZ has checksumming built-in! It even has different algorithms (CRC32, CRC64, and SHA256). It’s part of the same file, within/before the encryption, and automatically verified by the decompression tool. I’m already using XZ for compression before encryption, so this is just super convenient and useful. Also, it seems like XZ supports threaded decompression now, when it didn’t before. Thanks XZ devs!

You are viewing a single thread.
View all comments
14 points
*

untrusted network

What stops the network operator from modifying the data and the checksum? Do you transfer the checksum out of band?

permalink
report
reply
7 points
*

I’m not a cryptographer (so maybe this is wrong), but my understanding is that although it’s possible to modify the cipher text, how those changes modify the plaintext are very difficult (or impossible) to predict. That can still be an attack vector if the attacker knows the structure of the plaintext (or just want to break something), but since the checksum is also encrypted, the chances that both the original file and checksum could be kept consistent after cipher text modification is basically zero.

permalink
report
parent
reply
3 points

A checksum and a digital signature aren’t the same thing. If you have a data block and a checksum of the data block, the data block can be modified and a new checksum can be computed to reflect the modifications. Instead of a checksum would be a digital signature using an asymmetric key. The data block would be modified but the signature of that block can’t be recomputed without the key used to sign it, which is not part of the transfer.

permalink
report
parent
reply
2 points

The data block would be modified but the signature of that block can’t be recomputed without the key used to sign it

Isn’t that also true of an encrypted checksum, though? For some plaintext block q there is a checksum r, but the attacker can only see and modify the encrypted q (Q) and encrypted r (R). How any change to Q would modify q (and R to r) can’t be known without knowing the encryption key, but the attacker would need to know that in order to keep q and r consistent.

permalink
report
parent
reply
10 points

Wouldn’t be possible afaict, the encryption masks the xz archive which contains the checksum metadata. If the data is modified, decryption & extraction will simply fail.

The data will be undecipherable to a mitm anyway since it’s encrypted, the only real risk imo would be someone modifying the encrypted data in transit to attempt a zero day targeting the decryption process… chances of which are probably really low lol

permalink
report
parent
reply

Open Source

!opensource@lemmy.ml

Create post

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Community stats

  • 3.9K

    Monthly active users

  • 1.8K

    Posts

  • 30K

    Comments