|
|
|
|
|
|
by CodesInChaos
2036 days ago
|
|
|
End-to-end MACs don't help because the recipient knows the key and thus can generate a valid MAC on a fake message. But there are plenty of other ways to implement this. Digital signatures. Or if facebook stores the ciphertext, the recipient could simply reveal the decryption key for the message. Or facebook could compute a MAC over the ciphertext with a key neither participant knows, then the recipient could reveal the ciphertext and decryption key, and facebook could verify the outer MAC to verify authenticity. |
|
|