RE: Encrypting the IV - again. Was: Re: nonce length

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 4 Feb 2002 07:44:07 -0800
To: Blair Dillaway <blaird@microsoft.com>, Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, reagle@w3.org
Cc: xml-encryption@w3.org
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F409DF650B@vhqpostal.verisign.com>

To put Blair's point more concisely, Encryption protects confidentiality,
any attempt to use encryption alone to protect integrity is doomed to
failure. The same attacks can be performed through manipulation of the
cipher stream.

		Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

Attachments

application/octet-stream attachment: Phillip_Hallam-Baker__E-mail_.vcf

Received on Monday, 4 February 2002 10:43:46 UTC