Re: What does the MAC in IES or ECIES achieve ?



<fabrice.gautier@xxxxxxxxx> wrote:
Okay, so obviously, with the MAC in IES, I can detect if the ciphertext
has been tampered with.

But since IES doesn't provide authentication anyway (the sender doesn't
even need a Public Key), what good does that do?

The idea is that if I can make a "meaningful" change in one ciphertext,
perhaps I can get you to act on the content of the new ciphertext in
such a way that I get information about the old ciphertext.

Consider the following message: The secret code is "xxxx", send the
stuff to "yyyy". I don't know "xxxx", but I know the format of the
message. If I can change "yyyy" to "zzzz" by changing the ciphertext,
I can cause bad things to happen.

BTW. I've found that all real-world examples of this kind are usually
very unlikely. But if you go to the world of protocols, there are much
more realistic examples: If you know the Needham-Schroeder-Lowe protocol,
consider what happens when you use DHIES with no MAC and a stream cipher.
Attacking NSL is then very easy.

--
Kristian Gjøsteen
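
The "yyyy" to "zzzz" change described in the reply above, as an added example that is not part of the original post: a toy stream cipher with and without an encrypt-then-MAC tag. The SHA-256 counter keystream, the fixed keys (in IES both would come from the key derivation step) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    # Toy keystream: SHA-256(key || counter), standing in for a real stream cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(enc_key: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return xor(data, keystream(enc_key, len(data)))

def seal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    # Encrypt-then-MAC: the 32-byte tag covers the ciphertext.
    ct = crypt(enc_key, msg)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # reject before the plaintext is ever acted on
    return crypt(enc_key, ct)

def rewrite_field(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # Known-format edit: XOR (old ^ new) into the ciphertext. No key is used.
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

# Constructed sample values; the message text follows the post's example.
ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
MSG = b'The secret code is "xxxx", send the stuff to "yyyy".'
OFFSET = MSG.index(b"yyyy")

def demo():
    bare = rewrite_field(crypt(ENC_KEY, MSG), OFFSET, b"yyyy", b"zzzz")
    sealed = seal(ENC_KEY, MAC_KEY, MSG)
    tampered = rewrite_field(sealed, OFFSET, b"yyyy", b"zzzz")
    return (crypt(ENC_KEY, bare),                    # decrypts cleanly, field changed
            open_sealed(ENC_KEY, MAC_KEY, sealed),   # untouched message verifies
            open_sealed(ENC_KEY, MAC_KEY, tampered)) # same edit is rejected

if __name__ == "__main__":
    print(demo())
```
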