Question
I am using OpenPGP and sending a signed, encrypted file with forced MDC (Modification Detection Code) over the network.
In typical file transfer scenarios where security is not in the picture, an MD5 checksum of the file being transferred is sometimes sent along with the original file, which can be useful for error detection by comparing checksums.
With signed, encrypted files with Modification Detection Code, the process of decryption will immediately tell us if the file has been modified, whether accidentally or maliciously, because the message integrity check would fail. With this feature of such encrypted files, is there still any benefit of sending a checksum of the encrypted file along with the file?
Explanation / Answer
The MDC spec allows you to request a specific hash. The default, MD5, is now considered deprecated. All MDC implementations are required to support SHA-1. You can also request SHA256 or SHA512.
Assuming you have a sufficiently secure hash in use with MDC, there's no reason to attach another.
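The two checks compared in the question, side by side, as an added example that is not part of the original question or answer. It is a simplified model, not the OpenPGP packet format: the SHA-256 choice, the stand-in keystream cipher and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = "sha256"  # assumption for this model, used for both checks


def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in cipher (hash in counter mode); illustration only, not OpenPGP's.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def encrypt_with_mdc(key: bytes, plaintext: bytes) -> bytes:
    # Embedded check: the hash of the plaintext is appended, then both are encrypted.
    return _xor(plaintext + hashlib.new(HASH, plaintext).digest(), key)


def decrypt_and_check(key: bytes, ciphertext: bytes) -> bytes:
    body = _xor(ciphertext, key)
    size = hashlib.new(HASH).digest_size
    if len(body) < size:
        raise ValueError("too short to contain the embedded hash")
    plaintext, digest = body[:-size], body[-size:]
    if not hmac.compare_digest(hashlib.new(HASH, plaintext).digest(), digest):
        raise ValueError("modification detected")
    return plaintext


def outer_checksum(ciphertext: bytes) -> str:
    # The separate checksum sent alongside the encrypted file.
    return hashlib.new(HASH, ciphertext).hexdigest()


def receive(key: bytes, ciphertext: bytes, expected_checksum: str):
    """Return (outer checksum matched, plaintext or None if the embedded check failed)."""
    transport_ok = outer_checksum(ciphertext) == expected_checksum
    try:
        return transport_ok, decrypt_and_check(key, ciphertext)
    except ValueError:
        return transport_ok, None
```

In this model a single flipped bit or a truncated file fails both checks; the outer checksum differs only in that it can be computed without the decryption key.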