Re: [nodejs] Strength of TLS checksums vs TCP checksums
165 views
Skip to first unread message
Sam Roberts
May 15, 2014, 12:59:02 PM5/15/14
to nod...@googlegroups.com
On Thu, May 15, 2014 at 12:34 AM, Joran Dirk Greef <jo...@ronomon.com> wrote:
> I have heard that TCP checksums have a practical probability of not
> detecting corruption in the data packet.
Whether 1 in 16 million is "practical" is pretty debatable.
http://dl.acm.org/citation.cfm?id=347561&dl=GUIDE&coll=GUIDE
> I am trying to find out more about the checksums that TLS uses? I assume
> these provide significantly more protection than TCP checksums? Is an
> application-level checksum still required for better end-to-end protection
> from corruption?
TLS doesn't use "checksums", it uses cryptographic message digests,
which is what you would use in your app layer protocol/data format if
you wanted equivalent levels of protection.
Sam
> I have heard that TCP checksums have a practical probability of not
> detecting corruption in the data packet.
Whether 1 in 16 million is "practical" is pretty debatable.
http://dl.acm.org/citation.cfm?id=347561&dl=GUIDE&coll=GUIDE
> I am trying to find out more about the checksums that TLS uses? I assume
> these provide significantly more protection than TCP checksums? Is an
> application-level checksum still required for better end-to-end protection
> from corruption?
TLS doesn't use "checksums", it uses cryptographic message digests,
which is what you would use in your app layer protocol/data format if
you wanted equivalent levels of protection.
Sam
Sofiane Akermoun
May 15, 2014, 5:37:34 PM5/15/14
to nod...@googlegroups.com
TCP is also a guarantee of data integrity... if we can not trust tcp checksums anymore internet is dead.
2014-05-15 9:34 GMT+02:00 Joran Dirk Greef <jo...@ronomon.com>:
I have heard that TCP checksums have a practical probability of not detecting corruption in the data packet.
I am trying to find out more about the checksums that TLS uses? I assume these provide significantly more protection than TCP checksums? Is an application-level checksum still required for better end-to-end protection from corruption?
--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+un...@googlegroups.com.
To post to this group, send email to nod...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/fed66ec2-7614-499e-909d-252cfd77913e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Sofiane AKERMOUN
ake...@gmail.com
Reply all
Reply to author
Forward
0 new messages