Re: Using a MAC in addition to symmetric encryption
Erik Ostermueller wrote: If I exchange messages with a system and the messages are encrypted with a symmetric key, what further benefit would we get by using a MAC (Message Authentication Code) along with the message encryption? Being new to all this, using the encrytpion and MAC together seem redundant. One of my favourite papers, by Steve Bellovin, is at http://www.usenix.org/publications/library/proceedings/sec96/bellovin.html It shows a number of ways in which IPsec with encryption but no integrity can fail. Abstract: The Internet Engineering Task Force (IETF) is in the process of adopting standards for IP-layer encryption and authentication (IPSEC). We describe a number of attacks against various versions of these protocols, including confidentiality failures and authentication failures. The implications of these attacks are troubling for the utility of this entire effort. Greg. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Using a MAC in addition to symmetric encryption
At Fri, 27 Jun 2008 07:52:59 -0700 (PDT), Erik Ostermueller wrote: If I exchange messages with a system and the messages are encrypted with a symmetric key, what further benefit would we get by using a MAC (Message Authentication Code) along with the message encryption? Being new to all this, using the encrytpion and MAC together seem redundant. Encryption doesn't necessarily provide integrity. Consider the case of a stream cipher like RC4, where you have a function RC4(K) which generates a string of bytes from the key K. The encryption function is then: Ciphertext[i] = RC4(K)[i] XOR Plaintext[i] It should be apparent that an attacker can make targeted modifications to the plaintext. Say he knows that plaintext byte i is 'A' and he wants it to be 'B', he just changed Ciphertext[i]' = Ciphertext[i] XOR 'A' XOR 'B'. Mission accomplished. -Ekr - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Using a MAC in addition to symmetric encryption
On Fri, 27 Jun 2008, Erik Ostermueller wrote: Hello all, If I exchange messages with a system and the messages are encrypted with a symmetric key, what further benefit would we get by using a MAC (Message Authentication Code) along with the message encryption? Being new to all this, using the encrytpion and MAC together seem redundant. Thanks, --Erik Ostermueller As the other posters have already commented, encryption alone does not (in general) provide integrity. Furthermore, care must be taken in how the encryption scheme and the MAC are combined, with encryption-followed-by-MACing-the-ciphertext being the best choice unless you know what you are doing. For further discussion, see the textbook by Katz-Lindell (Section 4.9), and/or the following paper: http://www-cse.ucsd.edu/users/mihir/papers/oem.html - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
