On Fri, Feb 20, 2004 at 03:52:00PM -0700, Swaminathan P wrote: > Hi, > Can someone help me with info on this question? > Is there some significance to encrypt the MAC along with the message? > Is there some pitfall in leaving the MAC in the cleartext and encrypt the > message alone... > > thanks, > swami
the MAC was introduced to detect modified ciphertext. The problem could be introduced best with a stream cipher (RC4) that XORs data stream with the key-derived stream. Someone might not need to know all the original data but just to flip a bit at the known position. The example might be acquirer' response regarding authorization status obtained on known-invalid credit card data. Without a MAC, one could XOR one bit of the encrypted response and have the goods shipped. Using MAC on ciphertext, one could let (grant) the power to detect such an attack without accessing encrypted data. For completeness, one might also use MAC on cleartext: running quite a sensitive (sometimes fragile) operation without checking the input first. regards, Vadim ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
