At Fri, 27 Jun 2008 07:52:59 -0700 (PDT), Erik Ostermueller wrote: > If I exchange messages with a system and the messages are encrypted > with a symmetric key, what further benefit would we get by using a > MAC (Message Authentication Code) along with the message encryption? > Being new to all this, using the encrytpion and MAC together seem > redundant.
Encryption doesn't necessarily provide integrity. Consider the case of a stream cipher like RC4, where you have a function RC4(K) which generates a string of bytes from the key K. The encryption function is then: Ciphertext[i] = RC4(K)[i] XOR Plaintext[i] It should be apparent that an attacker can make targeted modifications to the plaintext. Say he knows that plaintext byte i is 'A' and he wants it to be 'B', he just changed Ciphertext[i]' = Ciphertext[i] XOR 'A' XOR 'B'. Mission accomplished. -Ekr --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
