<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">On 31.07.2018 on 00:15 Philipp <<a href="mailto:pg@futureware.at">pg@futureware.at</a>> wrote:<br><div><br></div><blockquote type="cite"><blockquote type="cite" cite="mid:D87C4EF9-3C77-4F20-A4D7-6B5A436C48F1@guru.at">
<font class="" size="1" face="Andale Mono"></font></blockquote>
What I personally really don't like is that people call Xor
one-time-pads as "perfect encryption" or "perfect security". From my
point of view, encryption should provide both secrecy and at least
to some degree integrity.<br>
Xor one-time pads only provides secrecy, but no integrity. If people
would call it just "perfect secrecy", I wouldn't mind, but calling
it "perfect security" is misleading from my point of view.<br>
<br>
Anyone can tamper the encrypted data, and for guessable structures
like email-headers and things like that, it's quite possible to
guess clear-text parts and simply replace them by xoring the
ciphertext with the xor difference of what you guess it means and
the thing you want it tampered with.<br>
<br>
Good encryption modes should provide both secrecy, integrity
(tamper-evidence to be exact) and perhaps even authentication,
depending on the application.<br>
</blockquote><br><div>Hi Philip!</div><div><br></div><div>Perfect encryption is correct, also that perfect encryption is NOT enough for security. For integrity purposes, other means my also apply, or use cryptographic methods to detect alteration, but that is not encryption, or only partially.</div><div>You can put all these together in one application, but the functions and the methods you use, be separate.</div><div><br></div><div>Kindest regards</div><div>— </div><div>Grisu</div></body></html>