Questions tagged [integrity]

Integrity is the property of preventing unauthorized modifications of an asset. In other words, integrity protects against the threat of tampering. It is one of the three key security properties of an asset, along with confidentiality and availability.

Integrity is the property of an asset that states that it remains intact. In other words, it requires that only authorized parties are able to modify the data. It is one of the three elements in the classic CIA triad of security properties, alongside confidentiality and availability.

Typical measures to enforce integrity include physical protection (e.g. keeping papers in a locked safe, or writing to read-only media). Cryptography can help maintain integrity; in particular, to verify the integrity of some data, it is enough to compare its hash against a known value (the hash must still be obtained reliably).

293 questions
79 votes, 6 answers

Does SSL/TLS (https) hide the urls being accessed

Suppose I type this in my browser https://www.mysite.com/getsecret?username=alice&password=mysecret and an attacker is watching all traffic from me to my ISP. What information is protected by HTTPS? Is the URL revealed? Are the parameters of the…
Jus12
63 votes, 4 answers

Why aren't application downloads routinely done over HTTPS?

We all know we should be using SSL whenever we collect passwords or other sensitive information. SSL provides two main benefits: Encryption: The data can't be read by a middle-man while in transit. Protection against MITM attacks: A man in the…
Tom Marthenal
52 votes, 4 answers

How to verify the checksum of a downloaded file (pgp, sha, etc.)?

Maybe I have been negligent towards the verification of software I download over the Internet, but I (or anybody I ever met) have never tried to verify the checksum of the contents I download. And because of this, I have no idea about how to verify…
ThankYouSRT
34 votes, 1 answer

JSON Web Tokens - How to securely store the key?

I was building a RESTful Web Service when I came across JSON Web Tokens as an alternative to traditional cookies for authentication. The conceptual core of this method is that the server is the only agent that knows the secret key used to digest…
NMO
32 votes, 2 answers

How does subresource integrity actually help?

Subresource integrity basically lets me know that a resource I'm about to download is valid, because the hash of its contents matches what I expect. But this assumes that I'm already running on some trusted and verified code. If a hacker has…
29 votes, 2 answers

Something is changing my hosts file without asking

First: I can't find any information on this phenomenon, not anywhere on the net. I don't know which application does it, but something in my Windows 7 Home Premium system (fully updated & legal) updates my hosts file. I have UAC enabled. To edit my…
Jacob Bruinsma
26 votes, 5 answers

Is unauthorised deletion an integrity or availability issue?

During a web application test I have discovered a parameter tampering issue that allows a user to delete comments left by other users. They can't modify the content of other users' comments, and they can only view them where this is intentional. I'm…
paj28
24 votes, 2 answers

Is Torrent safe for sharing legitimate files (file verification)? Does it use SHA1 or SHA256?

Let's assume that a legitimate torrent file has been safely and successfully downloaded over HTTPS and perhaps even OpenPGP verification was used to verify the integrity of the torrent file. How good are torrent clients against attackers who want to…
user539484
24 votes, 4 answers

Verifying android application integrity from server side

I have android applications (Mobile banking) that connect to my server and do online transactions (via Internet/USSD/SMS), I want to make sure those clients are not tampered with and are the original ones distributed by me. Keep in mind that not all…
Silverfox
22 votes, 2 answers

Is there a way to verify a binary against the sources?

It seems like there is no practical way to verify the full integrity path of precompiled and packaged software? I can check the downloaded package itself by hashes, but I have no verification if the compiled binaries really represent the public…
flori
19 votes, 3 answers

Difference between authentication, integrity and data origin authentication

I first thought all these terms were synonyms, but I sometimes see those terms used in the same document. For instance, on MSDN: data origin authentication, which enables the recipient to verify that messages have not been tampered with in…
Jacques
19 votes, 5 answers

How can I ensure my dll has not been modified?

I have an old project in VB which created a unique pc code from MAC address and disc id. This was used to identify a pc so credentials cannot be used between pcs. This project migrated to C#, and I encapsulated this logic in a DLL which simply…
Vallo
18 votes, 4 answers

Why would a website serve different versions of a file over HTTP and HTTPS?

Here is a link given on curl's official website: (prefix omitted) bintray.com/artifact/download/vszakats/generic/curl-7.46.0-win64-mingw.7z When I downloaded it with prefixes http:// and https:// I got two different files. My question is why is this…
solarflare97
18 votes, 7 answers

Tripwire - Is it security Theater?

Tripwire type intrusion detection systems supposedly protect your system from rootkits, by monitoring the checksums of important binaries for changes. Let's say I have tripwire configured to run nightly and installed it on a fresh non-rootkitted…
dr jimbob
17 votes, 4 answers

Is signing a file better than issuing a checksum, and does it render a separate checksum useless?

Alternatively, the question could be asked: Does issuing a checksum for a file we sign anyways just duplicate work? Use case: Firmware sent to an IoT device. We sign it, and form a separate checksum for it. My understanding is that this is…
kmfsousa