I'm using encryption (Blowfish, symmetric) to send a packet. Is it a bad idea from a security point of view to have a header at the beginning of the packet (that is also encrypted with the rest of the packet) that I can use to verify the packet is valid?
Pseudo code example:
byte[] verificationHeader = [1,2,3,4,5];
receive(packet);
unencrypt(packet);
if (packet.getData().beginswith(verificationHeader)) {
    // assume packet is good, try to do something with it
} else {
    // drop packet
}
I want to verify it because any other application could be broadcasting in my group and I don't want to get mixed up with other stuff.
Could it potentially help a hacker decrypt my packet?
If it is a bad idea then can you suggest an alternative?
At least in theory, it's a pretty bad idea -- it gives somebody doing a brute-force attack a known "target", so when/if they get the right key they know it (and quickly at that).
At least from a viewpoint of security, it would be much better to leave that part in plaintext. It might be more practical as well -- it saves you from decrypting something if it's not going to be useful anyway.
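The plaintext-header layout suggested in the answer above, as an added example that is not part of the original question or answer: the receiver drops other applications' traffic by checking the marker before doing any decryption. It goes beyond the answer by also appending an HMAC-SHA256 tag under a separate key, which is this example's assumption, because a fixed marker only identifies the sender's format and says nothing about whether the packet is intact. The ciphertext is treated as opaque bytes, and `frame`, `accept` and `mac_key` are hypothetical names.

```python
import hashlib
import hmac

MAGIC = bytes([1, 2, 3, 4, 5])           # the question's verification header, sent unencrypted
TAG_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA256 tag


def frame(ciphertext: bytes, mac_key: bytes) -> bytes:
    """Sender: MAGIC || ciphertext || HMAC-SHA256(mac_key, MAGIC || ciphertext)."""
    body = MAGIC + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def accept(packet: bytes, mac_key: bytes):
    """Receiver: return the ciphertext to decrypt, or None to drop the packet."""
    # 1. Cheap filter for unrelated traffic in the group; no crypto work yet.
    if not packet.startswith(MAGIC):
        return None
    # 2. Too short to carry a tag, so it cannot be one of our packets.
    if len(packet) < len(MAGIC) + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # 3. Verify the tag in constant time before the ciphertext is decrypted.
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return body[len(MAGIC):]


if __name__ == "__main__":
    mac_key = bytes(range(32))                      # constructed key, demo only
    ciphertext = bytes.fromhex("9d41c07be2a6f358")  # constructed 8-byte ciphertext block
    good = frame(ciphertext, mac_key)
    foreign = b"\x09\x09" + good                    # constructed packet from another application
    tampered = bytearray(good)
    tampered[len(MAGIC)] ^= 0x01                    # one bit flipped in transit
    for name, pkt in [("good", good), ("foreign", foreign), ("tampered", bytes(tampered))]:
        print(name, "->", "accept" if accept(pkt, mac_key) is not None else "drop")
```

The MAC key is assumed to be independent of the Blowfish key, so the tag gives no check value for guesses at the encryption key.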