[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IVs, summary of discussion
Phil Karn says:
> There is a basic question here: how much are we willing to rely on
> encryption algorithms to also provide authentication, vs using
> separate mechanisms designed specifically for the purpose?
I suggest - very little!
> So how about if we state that authentication is specifically *not* a
> requirement of an encryption algorithm? This is not to say that we
> can't provide a little integrity checking as long as it's "free",
> e.g., by making consistency checks on padding information required by
> various block chaining schemes. But I see no reason to disallow some
> particular encryption scheme just because its ciphertext is more
> vulnerable to modification than some other scheme. If integrity is a
> requirement, then use a scheme like keyed MD5 that is specifically
> designed for that purpose.
Yes, please "divorce" authentication/integrity checking from encryption!
--
Regards,
Uri uri@watson.ibm.com acheron!angmar!uri N2RIU
-----------
<Disclamer>
References: