On 9/18/06, Rafael 'Dido' Sevilla <
[EMAIL PROTECTED]> wrote:
John Peter Loh wrote:
> Exactly. That's why it's better to have the messages encrypted. But it
> will only if every sender has its own key. Authentication at some level
> and encryption at the same time.
Encryption by itself, even with independent sender keys, does not
provide authentication! Even if an attacker does not have the keys used
for encryption, she can still do a lot of things if you don't do
authentication properly, or are working under the mistaken assumption
that the encryption by itself is providing it for you. What happens
when an attacker replays a block, for instance, or simply sends a lot of
random data your way, and one of those just happens to decrypt to
something you interpret as valid?
--
We must remember that we have more power than our enemies to
worsen our fate.
http://stormwyrm.blogspot.com/
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
--
John Peter Loh
Phone: +13602267476
Web: http://www.jploh.com/
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
