[Botan-devel] Dubious MinGW error messages
Jack Lloyd
lloyd at randombit.net
Wed Apr 23 11:12:42 EDT 2008
On Tue, Apr 22, 2008 at 06:42:04PM +0200, Hans Mull wrote:
> Can I do that more efficiently in the botanEncrypt(...) pipe declaration?
> Like:
> Pipe pipe
> (
>     new Chain(
>         new Fork
>         (
>             get_cipher(cipher, key, iv, ENCRYPTION),
>             new Base64_Encoder(),
>             new MAC_Filter("HMAC(SHA-1)", mac_key)
>         ),new Base64_Encoder())
> );

To base64 encode the ciphertext and MAC but in distinct messages
(so you can delimit them properly, etc):

    Pipe pipe(new Fork(
                 new Chain(get_cipher(/*args*/), new Base64_Encoder),
                 new Chain(new MAC_Filter(/*args*/), new Base64_Encoder)
              ));

However this MACs the plaintext rather than the ciphertext! This is
not nearly as safe as computing the MAC over the ciphertext, like so:

    Pipe pipe(get_cipher(/*args*/),
              new Fork(
                 new Base64_Encoder,
                 new Chain(new MAC_Filter(/*args*/), new Base64_Encoder)
              ));

Here you send all input through the cipher first thing, then split the
message stream, base64-encode one half, and MAC (and base64 encode)
the other.

To understand why it is much safer to MAC the ciphertext (called
Encrypt-then-MAC) than it is to MAC plaintext (Encrypt-and-MAC), a
good paper to read is

    http://www-cse.ucsd.edu/users/mihir/papers/oem.html

Regards,
Jack
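
Added example, not part of the original message and not Botan code: a Python standard-library sketch of the two layouts discussed above. It shows that a MAC over the plaintext repeats whenever the message repeats, while a MAC over the ciphertext does not and lets the receiver reject tampering before decrypting. The HMAC-based keystream standing in for get_cipher, the function names, and the inclusion of the IV in the MAC input are assumptions of this example.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, iv + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def tag(mac_key: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, data, hashlib.sha1).digest()  # HMAC(SHA-1), as in the thread

def encrypt_and_mac(key, mac_key, plaintext):
    """Layout of the first Pipe: the MAC is computed over the plaintext."""
    iv = os.urandom(16)
    return iv, keystream_xor(key, iv, plaintext), tag(mac_key, plaintext)

def encrypt_then_mac(key, mac_key, plaintext):
    """Layout of the second Pipe: the MAC is computed over the ciphertext.
    Covering the IV with the MAC as well is an assumption of this example."""
    iv = os.urandom(16)
    ct = keystream_xor(key, iv, plaintext)
    return iv, ct, tag(mac_key, iv + ct)

def open_encrypt_then_mac(key, mac_key, iv, ct, mac):
    """Verify the tag in constant time before touching the ciphertext."""
    if not hmac.compare_digest(mac, tag(mac_key, iv + ct)):
        return None
    return keystream_xor(key, iv, ct)

def demo():
    key, mac_key = os.urandom(32), os.urandom(32)
    msg = b"transfer approved"  # constructed sample message
    a, b = encrypt_and_mac(key, mac_key, msg), encrypt_and_mac(key, mac_key, msg)
    c, d = encrypt_then_mac(key, mac_key, msg), encrypt_then_mac(key, mac_key, msg)
    iv, ct, mac = c
    flipped = bytes([ct[0] ^ 1]) + ct[1:]  # one flipped ciphertext bit
    return {
        "plaintext_mac_repeats": a[2] == b[2],    # same message, same tag
        "ciphertext_mac_repeats": c[2] == d[2],   # fresh IV, fresh tag
        "roundtrip": open_encrypt_then_mac(key, mac_key, iv, ct, mac) == msg,
        "tamper_rejected": open_encrypt_then_mac(key, mac_key, iv, flipped, mac) is None,
    }

if __name__ == "__main__":
    print(demo())
```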