Explore >> Select a destination
|
You are here 
|
neilmadden.blog | ||
| | | | |
blog.cryptographyengineering.com
|
|
| | | | | In general I try to limit this blog to posts that focus on generally-applicable techniques in cryptography. That is, I don't focus on the deeply wonky. But this post is going to be an exception. Today, I'm going to talk about a topic that most "typical" implementers don't -- and shouldn't -- think about. Specifically:... | |
| | | | |
jbp.io
|
|
| | | | | ||
| | | | |
eprint.iacr.org
|
|
| | | | | We study the question of how to generically compose {\em symmetric} encryption and authentication when building ``secure channels'' for the protection of communications over insecure networks. We show that any secure channels protocol designed to work with any combination of secure encryption (against chosen plaintext attacks) and secure MAC must use the encrypt-then-authenticate method. We demonstrate this by showing that the other common methods of composing encryption and authentication, including the authenticate-then-encrypt method used in SSL, are not generically secure. We show an example of an encryption function that provides (Shannon's) perfect secrecy but when combined with any MAC function under the authenticate-then-encrypt method yields a total... | |
| | | | |
truss.works
|
|
| | | At this point, if you haven't had a password leaked as part of a hack, you probably know someone who has. Here are some key lessons on how to better protect yourself and your data. | ||
