Using a MAC in addition to symmetric encryption
Jonathan Katz
jkatz at cs.umd.edu
Sun Jun 29 15:51:18 EDT 2008
On Fri, 27 Jun 2008, Erik Ostermueller wrote:
> Hello all,
>
> If I exchange messages with a system and the messages are encrypted with a symmetric key, what further benefit would we get by using a MAC (Message Authentication Code) along with the message encryption?
> Being new to all this, using the encrytpion and MAC together seem redundant.
>
> Thanks,
>
> --Erik Ostermueller
As the other posters have already commented, encryption alone does not
(in general) provide integrity. Furthermore, care must be taken in how
the encryption scheme and the MAC are combined, with
encryption-followed-by-MACing-the-ciphertext being the best choice
unless you know what you are doing. For further discussion, see the
textbook by Katz-Lindell (Section 4.9), and/or the following paper:
http://www-cse.ucsd.edu/users/mihir/papers/oem.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list