[Cryptography] Langsec & authentication
Judson Lester
nyarly at gmail.com
Tue May 27 15:30:06 EDT 2014
On Tue, May 27, 2014 at 12:08 PM, Stephan Neuhaus
<stephan.neuhaus at tik.ee.ethz.ch> wrote:
> I think you should treat data to be authenticated as a binary blob. In
> other words, you should authenticate a particular representation of your
> data. If you want to authenticate "what you mean" instead of "what you
> say", you will never get anywhere. Or rather, you will get somewhere,
> but it might not be where you want to be.
But, and this is the other half of my dilemma, authenticating
ambiguous blobs of data opens a giant hole in your MAC system: here's
two documents that mean "re-order coffee" and "nuke North Korea" with
the same MAC. Oops. And while that's theoretically possible
regardless, it becomes much easier to do if there's many many ways to
say "nuke North Korea."
Judson
More information about the cryptography
mailing list