Differences

This shows you the differences between two versions of the page.

--- mywiki:encryption:encryption:start [2015/11/24 07:53] – [Common Terms] shaoguoh
+++ mywiki:encryption:encryption:start [2019/09/15 18:55] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 Encryption
-^ Reference | [[https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation | Block Cipher mode]] |
+^ Reference | [[https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation | Cipher Introduction in simple way]] |
 ====== Ciphers ======
@@ Line 28: / Line 28: @@
 | digital signatures |
 | message authentication codes (MACs) |
-|
+====== Default Hash vs HMAC ======
+| Default hash | without key |
+| HMAC | with key |
+If you're using a simple hash of a file to guarantee file-integrity, then an attacker could modify the file, re-calculate the hash of the modified file, and replace the old hash with the modified one.
+With a HMAC, a key is used when calculating the hash value, so unless the attacker has the key, they're unable to calculate a valid hash value of the modified data.
 ====== IPSEC ======
@@ Line 59: / Line 67: @@
     - AES-GMAC 128, 192, and 256
     - AES-GCM 128, 192, and 256
+IPSEC features:
+  - Data confidentiality—The IPSec sender can encrypt packets before transmitting them across a network.
+  - Data integrity—The IPSec receiver can authenticate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
+  - Data origin authentication—The IPSec receiver can authenticate the source of the IPSec packets sent. This service is dependent upon the data integrity service.
+  - Antireplay—The IPSec receiver can detect and reject replayed packets.
+===== IPSEC anti-replay in Linux =====
+static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)