Re: [cryptography] data integrity: secret key vs. non-secret verifier; and: are we winning? (was: “On the limits of the use cases for authenticated encryption”)

Marsh Ray Wed, 25 Apr 2012 20:31:57 -0700

On 04/25/2012 10:11 PM, Zooko Wilcox-O'Hearn wrote:

It goes like this: suppose you
want to ensure the integrity of a chunk of data. There are at least
two ways to do this (excluding public key digital signatures):


1. the secret-oriented way: you make a MAC tag of the chunk (or
equivalently you use Authenticated Encryption on it) using a secret
key known to the good guy(s) and unknown to the attacker(s).

2. the verifier-oriented way: you make a secure hash of the chunk, and
make the resulting hash value known to the good guy(s) in an
authenticated way.


Is option 2 sort of just pushing the problem around?

What's going on under the hood in the term "in an authenticated way"?

How do you do authentication in an automated system without someonesomewhere keeping something secret?

Is authenticating the hash value fundamentally different from "ensuringthe integrity of a chunk of data"?


- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] data integrity: secret key vs. non-secret verifier; and: are we winning? (was: “On the limits of the use cases for authenticated encryption”)

Reply via email to