[19905] in cryptography@c2.net mail archive
Re: general defensive crypto coding principles
daemon@ATHENA.MIT.EDU (Jack Lloyd)
Thu Feb 9 09:42:39 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 9 Feb 2006 01:13:56 -0500
From: Jack Lloyd <lloyd@randombit.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <E1F72zR-0002Xu-00@medusa01.cs.auckland.ac.nz>
On Thu, Feb 09, 2006 at 05:01:05PM +1300, Peter Gutmann wrote:
> So you can use encrypt-then-MAC, but you'd better be *very*
> careful how you apply it, and MAC at least some of the additional non-message-
> data components as well.
Looking at the definitions in the paper, I think it is pretty clear that that
was their intent. The scheme definitions in section 4 make no provisions for
initialization vectors or any kind of parameterization, so I'm assuming that
they assumed the encryption function will include all that as part of the
output, meaning it will be included as part of the MAC.
-Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
