The following guidelines apply to cryptographic data integrity mechanisms; they are similar to those for confidentiality mechanisms:
■ Carefully evaluate the need for integrity and enforce it only where justified by potential threats.
■ Use the strongest available mechanisms for integrity, but take the performance effects into account.
■ Use only established and well-known cryptographic algorithms.
For example, consider an organization that must transmit stock market data over the Internet. Confidentiality is not its main concern; rather, its primary risk lies in the possibility of an attacker changing data in transit and presenting false stock market data to the organization. Because e-mail is the organization's preferred data exchange application, it decides to implement digital signatures of all e-mail messages when exchanging data among partners over the Internet.
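An added example (not from the original text) of the scenario above: the quote travels in cleartext, yet any change in transit is detected. It uses HMAC-SHA256 from the Python standard library as a stand-in for the digital signatures the organization chose; unlike a signature, a MAC needs a key shared with each partner and gives no non-repudiation. The key, header name, addresses and quote are constructed for illustration.

```python
import hashlib
import hmac
from email.message import EmailMessage

SHARED_KEY = b"constructed-demo-key"   # constructed; provision per partner in practice
TAG_HEADER = "X-Integrity-Tag"         # hypothetical header name
PROTECTED = ("From", "To", "Subject")  # headers covered by the tag, with the body


def _tag_input(msg):
    """Length-prefix each field so field boundaries cannot be shifted."""
    fields = [str(msg.get(h, "")) for h in PROTECTED] + [msg.get_content()]
    return b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)


def protect(msg, key=SHARED_KEY):
    """Sender: attach an HMAC-SHA256 tag. The body is left in cleartext."""
    del msg[TAG_HEADER]  # no error if absent; avoids duplicate tags
    msg[TAG_HEADER] = hmac.new(key, _tag_input(msg), hashlib.sha256).hexdigest()
    return msg


def verify(msg, key=SHARED_KEY):
    """Receiver: recompute the tag and compare in constant time."""
    claimed = msg.get(TAG_HEADER)
    if claimed is None:
        return False  # untagged mail is rejected rather than trusted
    expected = hmac.new(key, _tag_input(msg), hashlib.sha256).hexdigest()
    return hmac.compare_digest(str(claimed), expected)


def build_quote(body):
    """Constructed sample message carrying a stock quote."""
    msg = EmailMessage()
    msg["From"] = "feed@partner.example"
    msg["To"] = "desk@org.example"
    msg["Subject"] = "Closing quotes"
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    good = protect(build_quote("ACME 101.25"))
    forged = build_quote("ACME 1.25")        # body altered in transit
    forged[TAG_HEADER] = good[TAG_HEADER]    # original tag replayed
    print(verify(good), verify(forged))      # True False
```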