John Peter Loh wrote: > Exactly. That's why it's better to have the messages encrypted. But it > will only if every sender has its own key. Authentication at some level > and encryption at the same time.
Encryption by itself, even with independent sender keys, does not provide authentication! Even if an attacker does not have the keys used for encryption, she can still do a lot of things if you don't do authentication properly, or are working under the mistaken assumption that the encryption by itself is providing it for you. What happens when an attacker replays a block, for instance, or simply sends a lot of random data your way, and one of those just happens to decrypt to something you interpret as valid? -- We must remember that we have more power than our enemies to worsen our fate. http://stormwyrm.blogspot.com/ _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
