[8297] in cryptography@c2.net mail archive


Re: IBM press release - encryption and authentication

daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Dec 19 11:32:27 2000

Message-ID: <3A3DBA7A.917BBFF8@algroup.co.uk>
Date: Mon, 18 Dec 2000 07:19:22 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: David Wagner <daw@cs.berkeley.edu>
Cc: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

David Wagner wrote:
> 
> Enzo Michelangeli wrote:
> >OpenPGP tries to detect such "wrong key" situations for
> >symmetrically-encrypted packets in a pretty simplistic way, [...]
> >   The repetition of 16 bits in the 80 bits of random data prefixed to
> >   the message allows the receiver to immediately check whether the
> >   session key is incorrect.
> 
> This does not provide message integrity or message authentication.
> It provides a much weaker property: If you've decrypted with the wrong
> key, this will let you detect that fact.

Padding also does that, of course.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
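
The distinction drawn in the quoted exchange, as an added example that is not part of the original message: a 64-bit-block CFB layout with the 80-bit prefix (8 random bytes plus the last 2 repeated) lets the receiver spot a wrong key, yet a modified ciphertext still passes the check. Assumptions: truncated HMAC-SHA256 stands in for the block cipher, the mode is plain CFB rather than OpenPGP's exact variant, and all function names are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 8  # 64-bit block: 8 random bytes + 2 repeated bytes = 80-bit prefix

def _enc_block(key, block):
    # Assumption: HMAC-SHA256 truncated to 8 bytes stands in for a block
    # cipher; CFB only ever uses the cipher's encrypt direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _cfb(key, data, decrypt):
    out, feedback = bytearray(), bytes(BLOCK)  # all-zero IV
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        keystream = _enc_block(key, feedback)
        result = bytes(a ^ b for a, b in zip(chunk, keystream))
        out += result
        feedback = chunk if decrypt else result  # feedback is always ciphertext
    return bytes(out)

def seal(key, message):
    rnd = os.urandom(BLOCK)
    # Prefix: random block followed by a repeat of its last 16 bits.
    return _cfb(key, rnd + rnd[-2:] + message, decrypt=False)

def open_checked(key, ciphertext):
    pt = _cfb(key, ciphertext, decrypt=True)
    quick_check_ok = pt[BLOCK - 2:BLOCK] == pt[BLOCK:BLOCK + 2]
    return quick_check_ok, pt[BLOCK + 2:]

def wrong_key_passes(ciphertext, trials=200):
    # Number of random wrong keys that slip past the 16-bit check
    # (expected about trials / 65536, i.e. almost always 0).
    return sum(open_checked(os.urandom(16), ciphertext)[0] for _ in range(trials))

def flip_last_bit(ciphertext):
    # Models a ciphertext modified in transit, outside the 10-byte prefix.
    return ciphertext[:-1] + bytes([ciphertext[-1] ^ 1])

if __name__ == "__main__":
    key = os.urandom(16)
    ct = seal(key, b"amount=1000")              # constructed sample message
    print(open_checked(key, ct))                # right key: check passes
    print(wrong_key_passes(ct))                 # wrong keys: check fails
    print(open_checked(key, flip_last_bit(ct))) # altered body: check still passes
```

The repeated bytes only cover the prefix, so detecting a changed body needs a separate integrity mechanism such as a MAC over the ciphertext or an authenticated encryption mode.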

