Erik Ostermueller wrote:
If I exchange messages with a system and the messages are encrypted with a 
symmetric key, what further benefit would we get by using a MAC (Message 
Authentication Code) along with the message encryption?
Being new to all this, using the encrytpion and MAC together seem redundant.

One of my favourite papers, by Steve Bellovin, is at

It shows a number of ways in which IPsec with encryption but no integrity can fail.

The Internet Engineering Task Force (IETF) is in the process of adopting standards for IP-layer encryption and authentication (IPSEC). We describe a number of attacks against various versions of these protocols, including confidentiality failures and authentication failures. The implications of these attacks are troubling for the utility of this entire effort.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to