I need to transport multiple very large files over an unstable and untrusted network, and the file contents are outputted as a data stream. I wanted to use OpenSSL for streaming authenticated encryption, but they purposefully don’t support that and are preachy about it.

Well, it turns out that XZ has checksumming built-in! It even has different algorithms (CRC32, CRC64, and SHA256). It’s part of the same file, within/before the encryption, and automatically verified by the decompression tool. I’m already using XZ for compression before encryption, so this is just super convenient and useful. Also, it seems like XZ supports threaded decompression now, when it didn’t before. Thanks XZ devs!

  • ReversalHatchery@beehaw.org
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    untrusted network

    What stops the network operator from modifying the data and the checksum? Do you transfer the checksum out of band?

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Wouldn’t be possible afaict, the encryption masks the xz archive which contains the checksum metadata. If the data is modified, decryption & extraction will simply fail.

      The data will be undecipherable to a mitm anyway since it’s encrypted, the only real risk imo would be someone modifying the encrypted data in transit to attempt a zero day targeting the decryption process… chances of which are probably really low lol

    • JuxtaposedJaguar@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      I’m not a cryptographer (so maybe this is wrong), but my understanding is that although it’s possible to modify the cipher text, how those changes modify the plaintext are very difficult (or impossible) to predict. That can still be an attack vector if the attacker knows the structure of the plaintext (or just want to break something), but since the checksum is also encrypted, the chances that both the original file and checksum could be kept consistent after cipher text modification is basically zero.