[8292] in cryptography@c2.net mail archive
Re: IBM press release - encryption and authentication
daemon@ATHENA.MIT.EDU (David Wagner)
Sun Dec 17 22:28:03 2000
To: cryptography@c2.net
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 18 Dec 2000 01:14:39 GMT
Message-ID: <91jodv$fj$1@abraham.cs.berkeley.edu>
Reply-To: daw@cs.berkeley.edu (David Wagner)

Enzo Michelangeli wrote:
>OpenPGP tries to detect such "wrong key" situations for
>symmetrically-encrypted packets in a pretty simplistic way, [...]
> The repetition of 16 bits in the 80 bits of random data prefixed to
> the message allows the receiver to immediately check whether the
> session key is incorrect.

This does not provide message integrity or message authentication.
It provides a much weaker property: If you've decrypted with the wrong
key, this will let you detect that fact.
For message integrity or authentication, it seems that you need either
a full-blown MAC or else some scheme like Charanjit Jutla's.
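As an added illustration that is not part of the thread, the following Python model of the OpenPGP quick check shows the distinction Wagner draws: the repeated 16 bits catch a wrong session key, yet a bit flipped in the ciphertext body sails through the check and silently changes the recovered message. It assumes a SHA-256-based keystream as a stand-in for the real CFB-mode block cipher; the key and message values are constructed.

```python
import hashlib
import os

BLOCK = 8  # 64-bit block, as for the CAST5/IDEA/3DES ciphers OpenPGP used

def keystream(key: bytes, length: int) -> bytes:
    # Stand-in for the block cipher (assumption for illustration only):
    # SHA-256(key || counter) blocks, XORed with the data as CFB/OFB would be.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, message: bytes, rand: bytes = None) -> bytes:
    # OpenPGP-style prefix: one block of random bytes, then its last 2 bytes
    # repeated, giving the 80 bits (64 + 16) the quoted text refers to.
    rand = os.urandom(BLOCK) if rand is None else rand
    plain = rand + rand[-2:] + message
    return bytes(p ^ k for p, k in zip(plain, keystream(key, len(plain))))

def decrypt(key: bytes, ciphertext: bytes):
    # Returns (quick_check_ok, message).  The check only compares the two
    # repeated prefix bytes; nothing covers the message bytes themselves.
    ks = keystream(key, len(ciphertext))
    plain = bytes(c ^ k for c, k in zip(ciphertext, ks))
    prefix, message = plain[:BLOCK + 2], plain[BLOCK + 2:]
    ok = prefix[BLOCK - 2:BLOCK] == prefix[BLOCK:]
    return ok, message

def wrong_key_detected(key: bytes, wrong_key: bytes, message: bytes) -> bool:
    # Decrypting under the wrong key breaks the 16-bit repetition
    # (a false pass happens with probability about 2^-16).
    ok, _ = decrypt(wrong_key, encrypt(key, message))
    return not ok

def tamper_passes_check(key: bytes, message: bytes, byte_index: int, mask: int):
    # Flip bits in one ciphertext byte of the message body (after the 10-byte
    # prefix) and report whether the receiver's quick check notices.
    ct = bytearray(encrypt(key, message))
    ct[BLOCK + 2 + byte_index] ^= mask
    return decrypt(key, bytes(ct))

if __name__ == "__main__":
    key, msg = b"constructed key", b"hello, world"   # constructed sample values
    print(decrypt(key, encrypt(key, msg)))           # (True, b'hello, world')
    print(wrong_key_detected(key, b"other key", msg))
    print(tamper_passes_check(key, msg, 0, 0x20))    # (True, b'Hello, world')
```

The tampered output passes the quick check with the first byte changed, which is exactly the gap a MAC (or an integrity-aware mode such as Jutla's) closes.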