Does having an unencrypted sha-224 checksum create a vulnerability?

Posted by WilliamKF on Stack Overflow See other posts from Stack Overflow or by WilliamKF
Published on 2010-05-16T23:56:43Z Indexed on 2010/05/17 0:00 UTC
Read the original article Hit count: 245

Filed under:

sha1

|

checksum

|

encryption

|

vulnerabilities

If I have a packet of data that is encrypted yet also includes a sha-224 checksum that is not encrypted, am I creating a security vulnerability?

Or perhaps the checksum should be produced after encryption?

© Stack Overflow or respective owner

Related posts about sha1

PBKDF2-HMAC-SHA1

as seen on Stack Overflow - Search for 'Stack Overflow'
To generate a valid pairwise master key for a WPA2 network a router uses the PBKDF2-HMAC-SHA1 algorithm. I understand that the sha1 function is performed 4096 times to derive the PMK, however I have two questions about the process. Excuse the pseudo code. 1) How is the input to the first instance… >>> More
Is it possible to get identical SHA1 hash?

as seen on Stack Overflow - Search for 'Stack Overflow'
Given two different strings S1 and S2 (S1 != S2) is it possible that: SHA1(S1) == SHA1(S2) is True? If yes - with what probability? Is there a upper bound on the length of a string, for which probably of getting duplicates is 0? If not - why not? Thanks >>> More
Is it possible to convert a 40-character SHA1 hash to a 20-character SHA1 hash?

as seen on Stack Overflow - Search for 'Stack Overflow'
My problem is a bit hairy, and I may be asking the wrong questions, so please bear with me... I have a legacy MySQL database which stores the user passwords & salts for a membership system. Both of these values have been hashed using the Ruby framework - roughly like this: hashedsalt = … >>> More
Is there any difference between md5 and sha1 in this situation?

as seen on Stack Overflow - Search for 'Stack Overflow'
It is known that 1. if ( md5(a) == md5(b) ) 2. then ( md5(a.z) == md5(b.z) ) 3. but ( md5(z.a) != md5(z.b) ) where the dots concatenate the strings. What happens in the second row if we change all the md5 to sha1? So: 1. if ( sha1(c) == sha1(d) ) 2. then ( sha1(c.z)… >>> More
iPhone: convert string using HMAC-SHA1

as seen on Stack Overflow - Search for 'Stack Overflow'
hi all, i want to generate HMAC-SHA1 of NSString type variable. I see the post but this method give me error in CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC); and NSString *hash = [HMAC base64Encoding]; line. Please suggest how can I generate the HMAC-SHA1 of any string… >>> More

Related posts about checksum

Recommend software: File checksum calculator

as seen on Super User - Search for 'Super User'
Hi, I'm looking for a light, fast hash/checksum calculator (eg. MD5, SHA1, etc.). I've been using HashCalc and it works fine enough, but I was wondering if there was something better. When downloading .ISOs from MS BizSpark, I've found that it's essential to check the SHA1, and I'm sure that other… >>> More
tcp checksum and tcp offloading

as seen on Stack Overflow - Search for 'Stack Overflow'
i am using raw sockets to create my own socket. i need to set the tcp_checksum. i have tried a lot of references but all are not working (i am using wireshark for testing). could you help me please. by the way, i read somewhere that if you set tcp_checksum=0. then the hardware will calculate the checksum… >>> More
What is the fastest way to create a checksum for large files in C#

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I have to sync large files across some machines. The files can be up to 6GB in size. The sync will be done manually every few weeks. I cant take the filename into consideration because they can change anytime. My plan is to create checksums on the destination PC and on the source PC and than… >>> More
TCP RST Reset Every 5 Minutes on Windows 2003 sp2

as seen on Server Fault - Search for 'Server Fault'
Hey, Recently I had a web developer come to me and ask why he was receiving connection errors in his app that was accessing a sql database. So, I went through my normal trouble shooting steps to isolate or reproduce the issue. I discovered that if I connected to the database using Query Analyzer… >>> More
TimeStamp and mini-ETL (extract, transform, load)

as seen on SQL Blogcasts - Search for 'SQL Blogcasts'
Short example how to use Timestamp for a mini ETL process of your data. example below is following: Table_1 is production table on server1 Table_2 is datawarehouse table on server2 where datawarehouse is located Every day data are extracted, transformed and loaded to dataware house for further off-line… >>> More