general defensive crypto coding principles

Jack Lloyd lloyd at randombit.net
Thu Feb 9 01:13:56 EST 2006


On Thu, Feb 09, 2006 at 05:01:05PM +1300, Peter Gutmann wrote:

> So you can use encrypt-then-MAC, but you'd better be *very*
> careful how you apply it, and MAC at least some of the additional non-message-
> data components as well.

Looking at the definitions in the paper, I think it is pretty clear that that
was their intent. The scheme definitions in section 4 make no provisions for
initialization vectors or any kind of parameterization, so I'm assuming that
they assumed the encryption function will include all that as part of the
output, meaning it will be included as part of the MAC.

-Jack

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list