Using a MAC in addition to symmetric encryption

Greg Rose ggr at
Sun Jun 29 15:07:40 EDT 2008

Erik Ostermueller wrote:
> If I exchange messages with a system and the messages are encrypted with a symmetric key, what further benefit would we get by using a MAC (Message Authentication Code) along with the message encryption?
> Being new to all this, using the encrytpion and MAC together seem redundant.

One of my favourite papers, by Steve Bellovin, is at

It shows a number of ways in which IPsec with encryption but no 
integrity can fail.

The Internet Engineering Task Force (IETF) is in the process of adopting 
standards for IP-layer encryption and authentication (IPSEC). We 
describe a number of attacks against various versions of these 
protocols, including confidentiality failures and authentication 
failures. The implications of these attacks are troubling for the 
utility of this entire effort.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list