
Re: risks of MACs associated with packets



> 1) Use IVs on hashes
> 2) Encrypt the authenticators
> 3) Authenticate the ciphertext
> 4) Other

I vote for 2, or maybe 3, but strongly feel that the authentication should
be either *over* or *under* the encryption - not halfway.

If you put the cipher IV into the hash (which you NEED to do if authenticating
the ciphertext, anyway - imagine not doing it and having an opponent play
with the IV, especially for CBC), it prevents the sort of repeat attack
you mentioned.
-- 
	-Colin
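
Added example, not part of the original message: it shows why an authenticator computed over CBC ciphertext also has to cover the IV, by verifying the same altered packet with and without the IV in the MAC input. The toy Feistel cipher, keys, message and function names are constructed for illustration, and HMAC-SHA256 stands in for the hash.

```python
import hashlib, hmac

BLOCK = 16  # block and IV size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key, blk, decrypt=False):
    # Toy 4-round Feistel block cipher standing in for a real one (assumption; not for production).
    l, r = (blk[8:], blk[:8]) if decrypt else (blk[:8], blk[8:])
    for rnd in ((3, 2, 1, 0) if decrypt else (0, 1, 2, 3)):
        l, r = r, _xor(l, hmac.new(key, bytes([rnd]) + r, hashlib.sha256).digest()[:8])
    return r + l if decrypt else l + r

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = _feistel(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(_feistel(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return out

def tag(mac_key, iv, ct, cover_iv):
    # The IV has a fixed length, so iv + ct is an unambiguous encoding.
    return hmac.new(mac_key, (iv + ct) if cover_iv else ct, hashlib.sha256).digest()

def receive(enc_key, mac_key, iv, ct, t, cover_iv):
    # Verify first; decrypt only if the authenticator matches.
    if not hmac.compare_digest(t, tag(mac_key, iv, ct, cover_iv)):
        return None
    return cbc_decrypt(enc_key, iv, ct)

def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    iv, pt = bytes(range(BLOCK)), b"PAY 0100 TO BOB.memo: lunch 1234"
    ct = cbc_encrypt(enc_key, iv, pt)
    changed_iv = bytearray(iv)
    changed_iv[4] ^= ord("0") ^ ord("9")  # IV altered in transit; ciphertext untouched
    results = {}
    for cover_iv in (False, True):
        t = tag(mac_key, iv, ct, cover_iv)
        results[cover_iv] = receive(enc_key, mac_key, bytes(changed_iv), ct, t, cover_iv)
    return results

if __name__ == "__main__":
    print(demo())
```

With the MAC over the ciphertext alone, the packet verifies and the first plaintext block decrypts to a different value; with the IV included in the MAC input, the same packet is rejected before decryption.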