[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Results of quick survey



Steve Crocker says:
> >Does anyone think it might be worthwhile to authenticate _both_ inside and
> >outside the encryption ?  I.e. HMAC(DES-CBC(HMAC(data)))
> 
> Yes, I wondering the same thing.  And if one is going to authenticate both
> inside and outside, is there an opportunity to share some of the work.

Probably it's a good idea, *if* the "outside" authentication is
cheap "enough" [you tell me what "enough" means here :-]. I'd
see it mostly as anti-clogging measure.

> E.g.other than violating layering rather grossly, what else is wrong with
> computing the hash of the plain text, the hash of the ciphertext and then
> just one signature covering both hashes?  Two hash computations are still
> required, and the receiver could still elect elect to ignore the outer
> hash, but the cost would be lower and the tendency to ignore this outer
> check would be lessened.

Yeah, but where would you put that "double hash"? 

Analysis [in my understanding] would be a true hellish nightmare.

I don't really believe any work can be shared between the "outer" 
and "inner" auth...
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>


References: