>Given the history I think that authentication and encryption in one operation needs to be considered as a separate algorithm rather >than supporting mix 'n match schemes. Most authentication with encryption schemes will fail with RC4 and similarly constructed >ciphers.
Phill,
I am not a crypto expert so, maybe there is a misunderstanding.
What I am proposing is not an authentication scheme. It is simply an message digest of the cleartext to detect tampering of the encrypted text. And it is useful in the very specific scenario as follows:
- the decrypting party does not have access to only part of the document
- it is considered too expensive to appy PK signatures on individual parts of the doc
- the party that can decrypt the encryption-key, does not have access to the encrypted data. The party that has access to the encrypted data cannot decrypt the encryption-key.
The above scenario exists in a system where a separate central authorization server controls access to encrypted distributed data
Your suggestion for MAC will also work but has the following (minor) diadavantages:
- the encryption key must be reused for the MAC or a separate secret key must be used
- the Signature element is relatively verbose.
Received on Wednesday, 17 January 2001 13:08:37 UTC