[127045] in cryptography@c2.net mail archive
Re: Using a MAC in addition to symmetric encryption
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Sun Jun 29 15:26:19 2008
Date: Sun, 29 Jun 2008 12:31:26 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: eostermueller@yahoo.com
Cc: cryptography@metzdowd.com
In-Reply-To: <978522.42571.qm@web52812.mail.re2.yahoo.com>
At Fri, 27 Jun 2008 07:52:59 -0700 (PDT),
Erik Ostermueller wrote:
> If I exchange messages with a system and the messages are encrypted
> with a symmetric key, what further benefit would we get by using a
> MAC (Message Authentication Code) along with the message encryption?
> Being new to all this, using the encrytpion and MAC together seem
> redundant.
Encryption doesn't necessarily provide integrity.
Consider the case of a stream cipher like RC4, where you have
a function RC4(K) which generates a string of bytes from the
key K.
The encryption function is then:
Ciphertext[i] = RC4(K)[i] XOR Plaintext[i]
It should be apparent that an attacker can make targeted
modifications to the plaintext. Say he knows that plaintext
byte i is 'A' and he wants it to be 'B', he just changed
Ciphertext[i]' = Ciphertext[i] XOR 'A' XOR 'B'. Mission
accomplished.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
