[Botan-devel] Dubious MinGW error messages

Jack Lloyd lloyd at randombit.net
Wed Apr 23 11:12:42 EDT 2008


On Tue, Apr 22, 2008 at 06:42:04PM +0200, Hans Mull wrote:

> Can I do that more efficiently in the botanEncrypt(...) pipe declaration?
> Like:
> Pipe pipe
>     (
>         new Chain(
>         new Fork
>         (
>                 get_cipher(cipher, key, iv, ENCRYPTION),
>                 new Base64_Encoder(),
>                 new MAC_Filter("HMAC(SHA-1)", mac_key)
>         ),new Base64_Encoder())
>     );

To base64 encode the ciphertext and MAC but in distinct messages
(so you can delimit them properly, etc):

Pipe pipe(new Fork(
   new Chain(get_cipher(/*args*/), new Base64_Encoder),
   new Chain(new MAC_Filter(/*args*/), new Base64_Encoder)
   ));

However this MACs the plaintext rather than the ciphertext! This is
not nearly as safe as computing the MAC over the ciphertext, like so:

Pipe pipe(get_cipher(/*args*/),
          new Fork(
                   new Base64_Encoder,
                   new Chain(new MAC_Filter(/*args*/), new Base64_Encoder)
  ));

Here you send all input through the cipher first thing, then split the
message stream, base64-encode one half, and MAC (and base64 encode)
the other.

To understand why it is much safer to MAC the ciphertext (called
Encrypt-then-MAC) than it is to MAC plaintext (Encrypt-and-MAC), a
good paper to read is
http://www-cse.ucsd.edu/users/mihir/papers/oem.html

Regards,
  Jack
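
The two pipe layouts above, as an added example that is not part of the original message and not Botan code: it shows one concrete reason to MAC the ciphertext, namely that a tag over the plaintext repeats whenever the plaintext repeats, even under a fresh IV. The stream cipher is a standard-library stand-in for get_cipher(), and all keys, IVs and the message are constructed sample values.

```python
import hashlib
import hmac

def stream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode,
    # used only so the example runs with the standard library.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, iv + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def tag(mac_key: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, data, hashlib.sha1).digest()  # HMAC(SHA-1), as in the thread

def encrypt_and_mac(key, mac_key, iv, plaintext):
    # Fork(cipher, MAC): both branches see the plaintext.
    return stream_xor(key, iv, plaintext), tag(mac_key, plaintext)

def encrypt_then_mac(key, mac_key, iv, plaintext):
    # cipher -> Fork(output, MAC): the MAC branch sees the ciphertext.
    ciphertext = stream_xor(key, iv, plaintext)
    return ciphertext, tag(mac_key, ciphertext)

def open_encrypt_then_mac(key, mac_key, iv, ciphertext, received_tag):
    # Verify first: an altered message is rejected before the cipher key is used.
    if not hmac.compare_digest(tag(mac_key, ciphertext), received_tag):
        return None
    return stream_xor(key, iv, ciphertext)

# Constructed sample values (not from the thread).
KEY, MAC_KEY = b"k" * 32, b"m" * 20
IV1, IV2 = b"\x00" * 16, b"\x01" * 16
MSG = b"transfer 100 to account 42"

def tags_repeat(scheme) -> bool:
    # Send the same plaintext twice under different IVs and compare the tags.
    (c1, t1), (c2, t2) = scheme(KEY, MAC_KEY, IV1, MSG), scheme(KEY, MAC_KEY, IV2, MSG)
    return c1 != c2 and t1 == t2

if __name__ == "__main__":
    print("encrypt-and-MAC tag repeats: ", tags_repeat(encrypt_and_mac))
    print("encrypt-then-MAC tag repeats:", tags_repeat(encrypt_then_mac))
    ct, t = encrypt_then_mac(KEY, MAC_KEY, IV1, MSG)
    flipped = bytes([ct[0] ^ 1]) + ct[1:]
    print("tampered message accepted:   ",
          open_encrypt_then_mac(KEY, MAC_KEY, IV1, flipped, t) is not None)
```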


