"James Yonan" <[EMAIL PROTECTED]> writes:
> What is the best way to authenticate an encrypted packet in a peer-to-peer
> application that uses a symmetric cipher and a shared private key?
Tehre's been a lot of argument about this.
There are some theoretical attacks that suggest that you should
hash the ciphertext, not the plaintext but as long as you use
CBC mode block ciphers you should be fine.
I'd advise you to just use the packet format from SSL.
>(1) and (2) need 2 keys, one for the cipher, and one for the HMAC. Should
>they be the same or different?
Use two different keys, always.
> (2) and (3) benefit from the CBC feedback effects of encrypting the HMAC or
> MD & timestamp first.
> I'd appreciate some feedback from the list on which method is most secure.
>
> I'd like to use (3) but I'm not sure whether an encrypted MD is as secure as
> an HMAC?
Mode (3) is potentially insecure if the attacker can control the
IV. There's only a very small performance benefit to using a digest
instead of HMAC so I would advise doing it.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
