paragonie / EasyRSA

Simple and Secure Wrapper for phpseclib
https://paragonie.com
MIT License

Discussion: the purpose of a checksum #5

Closed zerkms closed 8 years ago

zerkms commented 8 years ago

In the \ParagonIE\EasyRSA\EasyRSA::encrypt you're calculating a checksum as

        $checksum = \substr(
            \hash('sha256', $packaged),
            0,
            16
        );

What is the purpose of that? Especially given that it does not contain any secret part.

Is it simply against data corruption? Just to avoid even trying to decrypt it when data was corrupted during transmission?

paragonie-scott commented 8 years ago

The total message format is:

V || K || M || C

Where:

> Is it simply against data corruption? Just to avoid even trying to decrypt it when data was corrupted during transmission?

Yep. It's not meant to replace a MAC.
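
The distinction drawn in this thread, as an added example that is not code from EasyRSA or from either commenter: the unkeyed checksum from the quoted snippet catches accidental corruption, but it can be recomputed by anyone who changes the data, which a keyed MAC prevents. The helper names, the sample payload and the choice of HMAC-SHA256 for the comparison are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Same construction as the snippet quoted in the issue: the first
// 16 hex characters of SHA-256 over the packaged message. No secret input.
function checksum(string $packaged): string
{
    return \substr(\hash('sha256', $packaged), 0, 16);
}

// Receiver-side check: recompute and compare.
function checksumOk(string $packaged, string $checksum): bool
{
    return \hash_equals(checksum($packaged), $checksum);
}

// Keyed tag for comparison (assumption: HMAC-SHA256 with a shared secret key).
function macOk(string $packaged, string $tag, string $key): bool
{
    return \hash_equals(\hash_hmac('sha256', $packaged, $key), $tag);
}

// Constructed sample data, not a real EasyRSA message.
$packaged = 'constructed-sample-payload';
$key      = \random_bytes(32);
$sum      = checksum($packaged);
$tag      = \hash_hmac('sha256', $packaged, $key);

// Case 1: accidental corruption in transit. One byte changes, the checksum
// that travelled with the message stays the same.
$corrupted    = $packaged;
$corrupted[5] = 'X';
\printf("corrupted payload, original checksum accepted: %s\n",
    \var_export(checksumOk($corrupted, $sum), true));

// Case 2: deliberate modification. Whoever changes the payload can also
// recompute the checksum, because nothing secret goes into it.
$modified    = 'constructed-other-payload';
$modifiedSum = checksum($modified);
\printf("modified payload, recomputed checksum accepted: %s\n",
    \var_export(checksumOk($modified, $modifiedSum), true));

// Case 3: the same modification with a MAC. Without $key the original tag
// is the only one available, and it does not verify for the new payload.
\printf("modified payload, original MAC accepted: %s\n",
    \var_export(macOk($modified, $tag, $key), true));
```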