Using a MAC in addition to symmetric encryption
Eric Rescorla
ekr at networkresonance.com
Sun Jun 29 15:31:26 EDT 2008
At Fri, 27 Jun 2008 07:52:59 -0700 (PDT),
Erik Ostermueller wrote:
> If I exchange messages with a system and the messages are encrypted
> with a symmetric key, what further benefit would we get by using a
> MAC (Message Authentication Code) along with the message encryption?
> Being new to all this, using the encrytpion and MAC together seem
> redundant.
Encryption doesn't necessarily provide integrity.
Consider the case of a stream cipher like RC4, where you have
a function RC4(K) which generates a string of bytes from the
key K.
The encryption function is then:
Ciphertext[i] = RC4(K)[i] XOR Plaintext[i]
It should be apparent that an attacker can make targeted
modifications to the plaintext. Say he knows that plaintext
byte i is 'A' and he wants it to be 'B', he just changed
Ciphertext[i]' = Ciphertext[i] XOR 'A' XOR 'B'. Mission
accomplished.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list