Enzo Michelangeli wrote: >OpenPGP tries to detect such "wrong key" situations for >symmetrically-encrypted packets in a pretty simplistic way, [...] > The repetition of 16 bits in the 80 bits of random data prefixed to > the message allows the receiver to immediately check whether the > session key is incorrect. This does not provide message integrity or message authentication. It provides a much weaker property: If you've decrypted with the wrong key, this will let you detect that fact. For message integrity or authentication, it seems that you need either a full-blown MAC or else some scheme like Charanjit Jutla's.
- Re: IBM press release - encryption ... Greg Rose
- Re: IBM press release - encryp... Nikita Borisov
- Re: IBM press release - encryption and authenti... Rich Salz
- Re: IBM press release - encryption and auth... Bram Cohen
- Re: IBM press release - encryption and auth... Paul Crowley
- Re: IBM press release - encryption and authenticatio... Steven M. Bellovin
- Re: IBM press release - encryption and authenti... Enzo Michelangeli
- Re: IBM press release - encryption and auth... Nikita Borisov
- Re: IBM press release - encryption and ... Bram Cohen
- Re: IBM press release - encryption and ... Enzo Michelangeli
- Re: IBM press release - encryption ... David Wagner
- Re: IBM press release - encryp... Enzo Michelangeli
- Re: IBM press release - encryp... Ben Laurie
- Re: Re: IBM press release - encryption and authentic... sao19677
- Re: IBM press release - encryption and authenticatio... Nikita Borisov
- Re: IBM press release - encryption and authenticatio... William Allen Simpson
- Re: IBM press release - encryption and authenti... David Wagner
- Re: IBM press release - encryption and auth... William Allen Simpson
