I have a message that I am moving to myself, which will be subjected to attacks by a man in the middle. Because of this, I am concerned about the integrity of the message, which is maintained between the time I send and the time I received.
It should be assumed that as soon as I send a message to myself, no information about the sent message will be available to me in the future. The message is completely self-sufficient.
To this end, I know that I must contain the contents of the message and compare the hashes before sending the message, and after sending the message, if they differ, then the message has been changed.
Of course, if a person in the middle knows that a hash is just a hash of the message content as it is, then since the message is self-sufficient, it can simply create new content and apply the same hash algorithm for the content.
The question is, at what lengths should I go to randomize the contents of the message when generating the hash? When does it reach a point of diminishing returns?
In this case, I have a set of key / value pairs. To this end, the steps that I know, I must take:
- Add salt to the message. Salt is the secret to the rest of the world. It attaches to the contents of the message before hashing.
- Before generating a hash, sequentially define key / value pairs.
- Although this is not directly relevant, a timestamp will be added to the contents of each message before hashing to prevent repeated attacks.
These are the additional steps that I am considering:
- Convert keys before I order them. I examined their reversal, then ordering the account / key.
- A game with delimiters that separate key / value pairs (both for the delimiter for the key / value and for the delimiter for the pair).
Note
Message privacy is not , so I'm not looking for encryption. Values โโmust be transmitted in plain text.
Finally, what hashing algorithms should I avoid?
Features
I have an ASP.NET MVC site in which I have a controller that handles input validation and persistence.
If (based on heuristics, it doesnโt matter which) the input is defined as an automatic spam attempt, an IDictionary<string, string> model with input values โโis created, and the ViewResult is sent to the CAPTCHA general page.
In this view, in a form containing a CAPTCHA control, the contents of IDictionary<string, string> will be written out in hidden input fields, and the action of the form will be the same action that the content was originally sent to. In this way, MVC can receive values โโupon repeated submitting the form.
Because of this, I cannot encrypt key / value pairs (or maybe I can and should tell me why and how!).
Of course, I need to add another value containing the contents of the hashed message. If this value exists, the controller checks to see if the integrity of the message is maintained, and allows input to be saved if it has one.
Decision
I decided to go with the SignedCms class to the System.Security.Cyrptography.Pkcs namespace, which is a CMS / PKCS # 7 signage and message checker.
To clarify, I created a self-signed certificate with MAKECERT.EXE, and then in my code, I use an example here to digitally sign data:
http://blogs.msdn.com/shawnfa/archive/2006/02/27/539990.aspx
Now you need to save the password on a secure secure secret key, as well as security on the server, which makes it less informative.
I need to add an additional key for the timestamp for repeated attacks, but it will not be too difficult.
The answer is Kalium , not his initial post , but for his subsequent comments, which indicate the path to digital signatures, and ultimately my discovery of how to use them in .NET.
Thanks to everyone who contributed.