[127044] in cryptography@c2.net mail archive
Re: Using a MAC in addition to symmetric encryption
daemon@ATHENA.MIT.EDU (Greg Rose)
Sun Jun 29 15:25:48 2008
Date: Sun, 29 Jun 2008 12:07:40 -0700
From: Greg Rose <ggr@qualcomm.com>
To: "eostermueller@yahoo.com" <eostermueller@yahoo.com>
CC: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <978522.42571.qm@web52812.mail.re2.yahoo.com>
Erik Ostermueller wrote:
> If I exchange messages with a system and the messages are encrypted with a symmetric key, what further benefit would we get by using a MAC (Message Authentication Code) along with the message encryption?
> Being new to all this, using the encrytpion and MAC together seem redundant.
One of my favourite papers, by Steve Bellovin, is at
http://www.usenix.org/publications/library/proceedings/sec96/bellovin.html
It shows a number of ways in which IPsec with encryption but no
integrity can fail.
Abstract:
The Internet Engineering Task Force (IETF) is in the process of adopting
standards for IP-layer encryption and authentication (IPSEC). We
describe a number of attacks against various versions of these
protocols, including confidentiality failures and authentication
failures. The implications of these attacks are troubling for the
utility of this entire effort.
Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
