I recently discovered a way to ensure that a message was not tampered by someone in the middle using a hash function like SHA-256. For my knolage the sender sends the original message with the original message summerized using hash function, Which ensure that a man in the middle cannot change the data because the hashes will not match. The part that I do not understand is that if there is a man in the middle that is tampering the messages why can't he just change the hash as well to match to the changed message?.
Checking data integrity using a hashing function to prevent a MITM attack
283 Views Asked by bob At
1
There are 1 best solutions below
Related Questions in HASH
- How can py tuple implicit cast to int?
- How to properly set hashes in script-src CSP policy header?
- Algorithm for finding the largest common substring for n strings using Rabin-Karp function
- Lua: is there a need to use hash of string as a key in lua tables
- When the key values are the same, the memory limit is exceeded when making a hash join
- Short for creating an array of hashes in powershell malfunction?
- LC347: Top K Frequent Elements; final result returns an extra element in list/array
- Hashing vertices of a Graph in C
- Is there a limit on the message size for SHA3?
- When hashing an API key, should I hash the suffix / prefix as well?
- Cmake error : Configuring incomplete, errors occurred
- murmur3 hashing function in postgres
- Hashing the password if it is not hashed in django
- Order of a set in Python
- Comparing the hash of a file, containing a list of hashes of multiple files instead of each file, is it good?
Related Questions in SHA256
- How to enable hash algorithm SHA-256 for ASP.NET, .NET Framework 4.8?
- abinitio cant decode encoded sha256 value
- SHA 256 VBA for Excel without .netframework
- Cont:Use a RSA public key to generate the corresponding private key in OpenSSL?
- Change Executable Hash Algorithm
- What am I doing wrong when implementing sha256 in Rust?
- Base-64 Encoding of SHA256 in Power Automate
- Python HMAC Digest differs from OpenSSL command
- signingReport tasks yields same SHA-256 on copied Android Studio project
- Java equivalence to php hash
- Getting different hash(sha 256) using solidity and python for same bytes
- Rust SHA-256 checksum
- Checksum of checksums of a local file downloaded from S3 does not match SHA-256 checksum of the remote file
- HMAC/sha256 Token In Postman Pre-Req - Convert From js Sample
- SHA256 Behave Differently In c#
Related Questions in MAN-IN-THE-MIDDLE
- Flutter doctor network recources cant connect to github.com
- Errors while running MITMf
- Flutter doctor, Error in the network resources section
- Error in Network Resources section of flutter doctor
- Client TLS handshake failed. The client does not trust the proxy's certificate Android mitproxy
- Is there a way for me to auto-generate a C++ .dll project based on DUMPBIN /Exports output?
- Checking data integrity using a hashing function to prevent a MITM attack
- Best way to secure microservices and api gateway in offloading pattern
- Proxy-mitm certificate
- How to transform request header such that I don't run into CORS error?
- ignore CERT_AUTHORITY_INVALID error on mitm attack
- How to send form data securely to server without any middle attack
- How to disable ssl pinning in android app using Objection
- Can I Theme, or Change the Title or Appearance, of Mitmweb?
- Is Cookie marked as secure in HTTPS connection?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
It is possible that the man in the middle can modify the body of the request and then calculate the hash as per the new tempered data. but that is only possible when the attacker knows what kind of hashing function is used and what salt is utilized. So to avoid this thing always use public key cryptography to share the salt becuase in this case the salt is considered to be a key and if you hardcode the key at the client side as well server side then at the server side we can consider it secure but the attacker can fetch the hardcoded key and use it for malicious purposes.
So make sure you use the Defie Helman key exchange mechanism for key sharing before applying the hash function on the data for which you want the integrity to be intact.
Hope this answers your question.