Does the SHA-224 unencrypted checksum have a vulnerability?
1 answer
In theory, if the checksum is computed over plain text, it gives out more information about the encrypted data and therefore reduces security. If it is computed by cipher, it does not matter if it is encrypted or not.
In practice, you could attack with a rainbow table. If you need an unencrypted checksum over plain text to verify that the password is correct (i.e. checksum mismatch = wrong password), make sure you include salt. Otherwise, compute it by cipher, or if you compute it by plain text, add it to the original data and encrypt everything.
EDIT: You don't need a large checksum; I was thinking about the block size of the encryption algorithm ...
+2
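An added example, not part of the answer above: it shows why an unsalted SHA-224 checksum over the plaintext matches a precomputed digest table while a salted one does not. The function names and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import os

def plain_checksum(plaintext: bytes) -> bytes:
    """Unsalted SHA-224 over the plaintext, stored in the clear beside the ciphertext."""
    return hashlib.sha224(plaintext).digest()

def salted_checksum(plaintext: bytes, salt: bytes) -> bytes:
    """SHA-224 over salt || plaintext; the salt is random per message and not secret."""
    return hashlib.sha224(salt + plaintext).digest()

def build_table(candidates):
    """Digest -> plaintext table, computed once and reusable against every message."""
    return {hashlib.sha224(c).digest(): c for c in candidates}

def lookup(table, checksum: bytes):
    """Return the plaintext whose unsalted digest equals the checksum, or None."""
    return table.get(checksum)

def verify_salted(plaintext: bytes, salt: bytes, checksum: bytes) -> bool:
    """Legitimate check after decryption: recompute and compare in constant time."""
    return hmac.compare_digest(salted_checksum(plaintext, salt), checksum)

# Constructed sample data: a small set of likely plaintexts and the real one.
CANDIDATES = [b"transfer approved", b"transfer denied", b"transfer pending"]
SECRET = b"transfer denied"

def demo():
    table = build_table(CANDIDATES)

    # Unsalted checksum: the stored value identifies the plaintext directly.
    leaked = lookup(table, plain_checksum(SECRET))

    # Salted checksum: the same table no longer matches the stored value.
    salt = os.urandom(16)
    tag = salted_checksum(SECRET, salt)
    salted_hit = lookup(table, tag)

    # The holder of the correct key can still verify the decrypted plaintext.
    return leaked, salted_hit, verify_salted(SECRET, salt, tag)

if __name__ == "__main__":
    print(demo())
```

The salt only removes the benefit of precomputation: because it is stored in the clear, a small set of guesses can still be hashed with it one by one. Appending the checksum to the data and encrypting everything, as the answer also suggests, keeps the checksum itself out of view.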