Re: Signatures and encryption headers



On 11. Nov, 06:18 h., d...@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner)
wrote:
This is known as authenticate-then-encrypt.  Unfortunately it is not
generically secure, meaning that for some encryption methods it is OK but
for some others it is not OK.  Hugo Krawczyk has a paper at CRYPTO on EtA:
it's an eye-opener.  He gives an example of an encryption algorithm that
provides confidentiality (securely) but where authenticate-then-encrypt
is not secure due to the existence of a crazy reaction attack.  It's
pretty wild.  The particular example he gives is artificial but it
illustrates that AtE isn't necessarily secure, so one should be
cautious.  It might be OK for real-world encryption schemes but I'm
not 100% sure about that; I don't know what kind of analysis has been
done.  And in practice maybe we could decide that chosen-ciphertext
attacks are pretty rare so maybe we're arguing over how many angels
can dance on the head of a pin (at least compared to other threats).

Just to be sure did you mean "The Order of Encryption and
Authentication for Protecting Communications (or: How Secure Is
SSL?)." (http://www.iacr.org/archive/crypto2001/21390309.pdf) or are
you reffering to other paper?

Best regards

Martin
.



Relevant Pages

  • Re: Unbreakable Encryption ? Scenarios - What encryption method would be best?
    ... DES is a well-known algorithm so there are good reasons to have a good ... > risk it by storing one of the best possible passwords (or encryption ... > Ok lets say there will be a secure channel but it will happen only ... > because the decrypting method yielded a plain text message and vice ...
    (sci.crypt)
  • Re: [fw-wiz] Re: Firewalls breaking stuff: [Was re: fwtk]
    ... > access to the mail server's private keys and thus the monitor can follow the ... > in a way that's more secure rather than less secure. ... for service level encryption versus VPN access. ... >> reducing bugs reduces the number of sever bugs. ...
    (Firewall-Wizards)
  • Re: Best secure surfing solution
    ... I have set up a service with companies providing secure web ... the product would have to install a keylogger. ... If we caught anyone in> IS or elsewhere in our company sniffing our communications, even if they> were encrypted, they'd get laid off or, at least, suspended. ... If e-mails are sensitive then> the sender should be using encryption. ...
    (sci.crypt)
  • Re: Best secure surfing solution
    ... I have set up a service with companies providing secure web ... the product would have to install a keylogger. ... If we caught anyone in> IS or elsewhere in our company sniffing our communications, even if they> were encrypted, they'd get laid off or, at least, suspended. ... If e-mails are sensitive then> the sender should be using encryption. ...
    (alt.computer.security)
  • Re: Symmetric encryption algorithm with group like properties
    ... >> Solutions that exist today are not as secure as they can be. ... I wouldn't expect more than PGP / GPG type encryption, ... > versions - with the key, protected by RSA encryption under a RSA public key ... > Alice needs a secure decryption mechanism to read her emails, ...
    (sci.crypt)