SGH_WIKI

User Tools

Site Tools

Trace: ip_routing
mywiki:encryption:encryption:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
mywiki:encryption:encryption:start [2015/11/24 07:58] – [IPSEC] shaoguohmywiki:encryption:encryption:start [2019/09/15 18:55] (current) – external edit 127.0.0.1
Line 1: Line 1:
 Encryption Encryption
  
-^ Reference | [[https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation | Block Cipher mode]] |+^ Reference | [[https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation | Cipher Introduction in simple way]] |
  
 ====== Ciphers ====== ====== Ciphers ======
Line 28: Line 28:
 | digital signatures | | digital signatures |
 | message authentication codes (MACs) | | message authentication codes (MACs) |
- 
  
 +
 +====== Default Hash vs HMAC ======
 +
 +| Default hash | without key |
 +| HMAC | with key |
 +
 +If you're using a simple hash of a file to guarantee file-integrity, then an attacker could modify the file, re-calculate the hash of the modified file, and replace the old hash with the modified one. 
 +
 +With a HMAC, a key is used when calculating the hash value, so unless the attacker has the key, they're unable to calculate a valid hash value of the modified data.
  
 ====== IPSEC ====== ====== IPSEC ======
Line 67: Line 75:
   - Antireplay—The IPSec receiver can detect and reject replayed packets.   - Antireplay—The IPSec receiver can detect and reject replayed packets.
  
 +
 +===== IPSEC anti-replay in Linux =====
 +static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
  
  
mywiki/encryption/encryption/start.1448323110.txt.gz · Last modified: (external edit)