Y
Hacker News
new
|
ask
|
show
|
jobs
by
icanhasfay
4172 days ago
Obligatory Doom principle link.
http://www.thoughtcrime.org/blog/the-cryptographic-doom-prin...
Encrypt Then Authenticate, dammit!
1 comments
meowface
4172 days ago
Or, from the inverse perspective: always authenticate and/or verify the integrity of data before processing it at all, whether that processing be decryption, string manipulation, or otherwise.
link
StavrosK
4172 days ago
Which you can't do if the MAC is within the encrypted message.
link
meowface
4172 days ago
Of course. EtM is the only way to go. Just saying it can be applied to other areas, too.
link