----- Original Message -----
From: "David Wagner" <[EMAIL PROTECTED]>
Newsgroups: isaac.lists.cryptography
To: <>
Sent: Monday, December 18, 2000 9:14 AM
Subject: Re: IBM press release - encryption and authentication
> Enzo Michelangeli wrote:
> >OpenPGP tries to detect such "wrong key" situations for
> >symmetrically-encrypted packets in a pretty simplistic way, [...]
> > The repetition of 16 bits in the 80 bits of random data prefixed to
> > the message allows the receiver to immediately check whether the
> > session key is incorrect.
>
> This does not provide message integrity or message authentication.
> It provides a much weaker property: If you've decrypted with the wrong
> key, this will let you detect that fact.
Why? It will also let you detect if someone has tampered with the ciphertext
in a block containing the redundant information (or preceding it, unless ECB
is used).
Also, if the identity of the sender is proved by the knowledge of the
encryption key (which was my assumption in the post you quote) a successful
decryption will additionally prove the authenticity of the message.
Enzo
