Re: (Fwd) Authentication and encryption.

[uri@watson.ibm.com]

James P. Hughes says:
> I agree that encryption by itself does not create authentication.

Good! Makes two of us (:-).

> If the encryption is strong and the probability of garbage passing the
> integrity check is low enough (2^-64 or less),
> then the knowledge of the shared
> secret should be authentication of the source. If one can prove
> that to create
> a valid integrity check one must calculate it against the data
> in the clear and
> prove that the attacker must know the key. If you know only the
> sender (and
> you) know the key, then authentication is proven.

I don't think so, because smart attacker could devise methods to
tamper with the data without disturbing a "normal" integrity check,
designed to stop garbage (i.e. not a malicious attack). So it all
boils back again to the issue of how smart an integrity check
should be, and then - whether an application is wiling to
accept that extra burden...

> Why would this not be acceptable for general traffic authentication
> when the traffic is already being encrypted?

Because you don't know what the "real" data should decrypt into.
--
Regards,
Uri         uri@watson.ibm.com      acheron!angmar!uri 	N2RIU
-----------
<Disclamer>

---

Follow-Ups:

• Re: (Fwd) Authentication and encryption.
• From: hughes@hughes.network.com (James P. Hughes)

References:

• (Fwd) Authentication and encryption.
• From: hughes@hughes.network.com (James P. Hughes)

---

• Prev by Date: Re: IVs, summary of discussion
• Next by Date: Re: (Fwd) Authentication and encryption.
• Prev by thread: (Fwd) Authentication and encryption.
• Next by thread: Re: (Fwd) Authentication and encryption.
• Index(es):
  • Main
  • Thread