Rebuilding TLS, Part 2 — Adding Integrity to the Channel

Source: DEV Community
In the first part of this series, we built our first fake secure channel. We took a simple socket-based client and server, wrapped their communication in AES-CTR with a shared secret key, and got something that already looked much more serious than plain TCP. The traffic stopped being transparent. A passive observer could no longer read the request and response directly. That was real progress.

But it still had a fatal flaw. The receiver had no way to know whether the encrypted message had been changed on the way. Encryption hid the bytes. It did not protect their meaning.

So in this part, we will fix that. We will first add a MAC so the receiver can detect tampering. Then we will make the record layer a little less naive by adding a sequence number. And after that, we will take one more step toward the real world and move to AEAD, because that is how modern secure protocols usually protect records.

We still will not have real TLS when we are done. But we will have a much more serious
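
The MAC and sequence-number steps outlined above, sketched as an added example (not the article's own code). To run with the standard library only, it assumes a SHA-256 counter-mode keystream as a stand-in for AES-CTR, which has the same XOR structure; all function names, keys and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stream cipher built from SHA-256: a stand-in for AES-CTR."""
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack(">Q", block)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the sequence number and the ciphertext."""
    header = struct.pack(">Q", seq)  # also the nonce; assumes one key per direction
    ciphertext = keystream_xor(enc_key, header, plaintext)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_record(enc_key: bytes, mac_key: bytes, expected_seq: int, record: bytes) -> bytes:
    """Verify the tag and the sequence number before decrypting anything."""
    if len(record) < 8 + TAG_LEN:
        raise ValueError("record too short")
    header, ciphertext, tag = record[:8], record[8:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad MAC: record was modified")
    if struct.unpack(">Q", header)[0] != expected_seq:
        raise ValueError("unexpected sequence number: replayed or reordered")
    return keystream_xor(enc_key, header, ciphertext)


def flip_bit(record: bytes, index: int) -> bytes:
    """Simulate in-transit corruption of one byte."""
    changed = bytearray(record)
    changed[index] ^= 0x01
    return bytes(changed)


# Constructed demo keys and message (not from the article).
ENC_KEY = hashlib.sha256(b"demo enc key").digest()
MAC_KEY = hashlib.sha256(b"demo mac key").digest()
RECORD0 = seal(ENC_KEY, MAC_KEY, 0, b"GET /balance")
```

With encryption alone, a flipped ciphertext byte decrypts without any error to a different plaintext; with the tag and sequence check, `open_record` rejects both the modified record and a valid record presented at the wrong position.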