muaddib wrote:
may the encryption secret key and the HMAC secret key be the same?
Quote:
also do you recommend encrypting the HMAC together with the data?
muaddib wrote:
if I don't want to have the user input 2 passwords, is there a way to generate the "authentication password" from the "encryption password"? maybe hashing the encryption pass with a different algorithm? what do you suggest?
wtshaw wrote:
Separate keys are a pain; one way to lose the means of operating is by losing any one of them. If you follow my logic, requiring stupendous amounts of data and using a good means of generating a runtime version of the key means practically not having to change the key often, much less worrying about repeated use.
wtshaw wrote:
Here is an area open for disagreement and discussion, to avalanche or not. It does mean that training wheel security is matched against the chance that they are not needed at all, thus making the protocol itself simpler.
Quote:
Another route instead of a MAC is redundancy if the ciphertext can reveal obvious errors. Indeed, the whole justification for avalanching is gone if there is another way that might be even better, less prejudice rule.
Dwonis wrote:
I think wtshaw may be referring to the idea that you can use the pseudorandom-like ("avalanche") properties of a block cipher to detect errors, instead of using a MAC. That is, that block ciphers have ciphertexts with noise-like statistical properties, which makes tampering harder if your plaintext is sufficiently structured or redundant.
Quote:
On the other hand, isn't this structure/redundancy essentially what you're adding anyway when you include a MAC along with your plaintext? Except, rather than using an ad-hoc structure that may or may not provide adequate integrity protection -- depending on the specific properties of the cipher -- you use a MAC, which has known and (hopefully) well-analyzed security properties.
wtshaw wrote:
Data integrity means recovering it under adverse circumstances as well as knowing it is likely true.
Quote:
To consider a verification method to be as good or better than a particular cipher is not a small task.
Quote:
As I work with interesting bases for good reasons I have discussed elsewhere, I refuse to be prejudiced to the virtues of binary when they largely do not exist. Mathematics demands a rainbow approach and seeing all things in shades of binary yellow simply does not hack it. Cryptography is best served by growing beyond well-named primitive logic and working in more advanced logic.