[Cryptography] On the Impending Crypto Monoculture
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Mar 27 06:14:22 EDT 2016
Ray Dillinger <bear at sonic.net> writes:
>The misattribution attack on Encrypt-then-MAC allows Bob (or Mallory) to
>intercept an encrypted message from anybody to anybody, and with no need to
>decrypt it substitute his own MAC for the original. In security terms this
>is a missing bridge.
In security terms it's a red herring. None of the major users of EtM (IPsec,
SSH, TLS, and S/MIME) are subject to this attack, because you can't substitute
a different MAC for an existing one.
>In the Encrypt-then-MAC world attackers can substitute MACs on messages
>regardless of whether they can decrypt them -
No they can't.
Peter.
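The following is an added illustration of the Encrypt-then-MAC point argued above; it is not code from the thread or from any of the protocols named. It assumes a per-session encryption key and MAC key shared only by the two endpoints (what the handshakes of TLS, SSH and IPsec produce), and uses HMAC-SHA256 in counter mode as a stand-in keystream so the script runs on the Python standard library alone. The receiver verifies the tag under the shared MAC key before decrypting, so a tag substituted by a party who does not hold that key, or a ciphertext altered under the original tag, is rejected.

```python
"""Encrypt-then-MAC: a receiver holding the shared MAC key rejects any tag it
did not compute under that key, so a third party cannot swap in its own.

Added example, not from the mailing-list thread. The cipher below is a
stand-in PRF keystream (HMAC-SHA256 in counter mode) chosen only so this
runs without third-party packages; use a real cipher or AEAD in practice.
"""
import hashlib
import hmac
import secrets


def keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with keystream block i = HMAC(enc_key, nonce || i) (stand-in cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def etm_seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt, then MAC the nonce and ciphertext under the shared MAC key."""
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def etm_open(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Verify the tag first; only a tag computed under mac_key is accepted.

    Returns the plaintext, or None if the tag does not verify (the
    ciphertext is never decrypted in that case).
    """
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return keystream_xor(enc_key, nonce, ct)


def demo() -> dict:
    """Honest delivery succeeds; a substituted tag or altered ciphertext is rejected."""
    # Session keys shared by the two endpoints only (assumption: what a
    # protocol's key exchange would have produced).
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    msg = b"constructed sample plaintext"  # constructed sample input
    nonce, ct, tag = etm_seal(enc_key, mac_key, msg)

    honest = etm_open(enc_key, mac_key, nonce, ct, tag)

    # Mallory sees nonce and ct but not mac_key: she replaces the tag with
    # one computed under a key of her own.
    mallory_key = secrets.token_bytes(32)
    forged_tag = hmac.new(mallory_key, nonce + ct, hashlib.sha256).digest()
    substituted = etm_open(enc_key, mac_key, nonce, ct, forged_tag)

    # Mallory flips one ciphertext bit and leaves the original tag in place.
    tampered_ct = bytes([ct[0] ^ 0x01]) + ct[1:]
    tampered = etm_open(enc_key, mac_key, nonce, tampered_ct, tag)

    return {"plaintext": msg, "honest": honest,
            "substituted": substituted, "tampered": tampered}


if __name__ == "__main__":
    result = demo()
    print("honest delivery accepted:", result["honest"] == result["plaintext"])
    print("substituted tag rejected:", result["substituted"] is None)
    print("altered ciphertext rejected:", result["tampered"] is None)
```

The verify-before-decrypt order is what makes the construction safe to use as a filter: the receiver never processes ciphertext that was not authenticated under the key it shares with the peer, and an attacker without that key has nothing to substitute.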