Information Security: What is difference between encryption of (message + known number) VS. signing encrypted message?
-
Alice and Bob want to provide users of their bank with self-contained "access token" which would contain identity, permissions, etc. Obviously, it requires signing of message to disable forging random messages, so one can build a token like this: 1) message + HMAC(secret, message) To improve security and privacy, she adds encryption: 2) encrypt(secret1, message) + HMAC(secret2, message) It would seem though, that the same security and authenticity properties could be achieved by just encryption the message with some predefined number/string (doesn't even have to be secret), like this: 3) encrypt(secret, verification + message) where verification is N zero bits. Now upon receiving such token, server decrypts it with secret key and checks if verification part matches N zero bits. If not - we know message is corrupted. Add more zeros to decrease likelihood of error or attack. So option 3 seems to provide same protection for less CPU cycles, yet, i see many applications where option 2 is used for, e.g. "secure cookies". Please, explain what i overlook.
-
Answer:
The reason you can't just include an encrypted verifier is that it does not prevent tampering with some other portion of the message. Say the message were an order for 3 widgets. If I can tamper with the part of the message that contains the number of widgets, I can change the order without altering the verifier. This can be done with cipher block replay or any number of other cryptographic attacks that work on encryption of data. Cryptographic signature, on the other hand, is a keyed cryptographic hash function, so any alteration to the data results in an invalidation of the signature. The other thing to keep in mind is that signature in many cases involves public key cryptography. If Bob is sending Alice an encrypted message, he uses her public key to encrypt it. Only Alice can decrypt it, but anyone can encrypt a different message and replace it. Bob's cryptographic signature works the other way around: only Bob can create it, since it requires his private key, but anyone can verify it with his public key. In the symmetric crypto case, the signature is a keyed hash function like HMAC, and its tamper-resistance is dependent on the secrecy of the signing key. In both cases, though, the entire message is protected with the single signature.
Daniel Miller at Quora Visit the source
Other answers
Option #3 does not provide authenticity. The reason is that the tail end of the encrypted message may be changed, without affecting the "verification" blob you prepended to it. CTR mode is a good example of this. You can flip arbitrary bits and as long as you don't touch the verification blob, the message will decrypt and (falsely) authenticate. The safe way to do this is to MAC the ciphertext, or to use an authenticated encryption mode.
Steve Weis
In your option 3, there is no way to verify integrity of message. Based on your question ( I could be wrong in my assumption of your statement) - you are thinking you can replace "Secret" with "N zero bits". but its not secret its the HMAC - which creates MAC based on key i.e. secret. Authenticated Encryption mode is a good alternate .
Sitaraman Lakshminarayanan
Related Q & A:
- What can I do? "The following message could not be delivered to all recipients?Best solution by Yahoo! Answers
- What to do with the error message "Internet explorer has encountered a problem and needs to close?Best solution by Yahoo! Answers
- What is the difference between PC games in a box vs. jewel case?Best solution by Yahoo! Answers
- What's different about the new LED tv's vs. LCD tv's?Best solution by Yahoo! Answers
- What time pacific time is the super clasico america vs. chivas october 24?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.