|
|
|
|
|
|
by tptacek
4967 days ago
|
|
|
I've answered that already. The MAC allows the cryptosystem to reject messages with corrupted ciphertexts. If you don't do that, it can be possible to use controlled corrupted ciphertexts to learn things about the plaintexts of messages, and not just via CBC padding oracles. |
|
|