ID: 658826 • Letter: S

Question

Specifically I am interested in symmetric-key cryptography. I understand that attackers may modify cryptographic messages so that the resulting decryption is an altered message; MACs are designed to solve this. I read that one should create the cryptogram, then generate a MAC from the cryptogram, and send them together.

My question is why couldn't one simply append the original unencrypted message with a cryptographic hash of the original message and then encrypt them together? Then the receiver could decrypt both and verify the hash. If the cryptogram was altered the internal hash would no longer match and wouldn't it be hard to alter the message and/or internal hash such that they remain consistent since they are both encrypted?

Explanation / Answer

I just became familiar with the Padding Oracle attack outlined in the article you linked, and I believe you answered your own question. If the Padding Oracle attack can lead to full discovery of the plaintext, encrypting the unencrypted message AND the hash would still require padding, and thus make it vulnerable to discovery.

To implement both, you would probably want to hash the original message, append them together, encrypt it, and then hash the resulting ciphertext and append that to your encrypted combination. That would achieve what you want, but it seems to be a lot of work when the original solution seems perfectly acceptable.
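The following is an added worked example, not part of the question or answer above, showing in Python the more basic reason "hash the message, then encrypt message and hash together" is not a substitute for a MAC: a plain hash is unkeyed, so an attacker who knows (or can guess) the plaintext can recompute it, and any cipher in which flipping a ciphertext bit flips the matching plaintext bit (stream ciphers, CTR mode) lets the attacker push a chosen message and its matching hash through the encryption without knowing the key. The keystream here is a toy CTR-style construction built from HMAC-SHA256 standing in for a real stream cipher, and the keys, nonce and messages are constructed for the demo; the same pattern run through encrypt-then-MAC with HMAC is rejected because the receiver checks the keyed tag over the ciphertext before decrypting anything.

```python
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: HMAC-SHA256(key, nonce || counter) per block.
    Constructed for this example as a stand-in for any stream/CTR cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


# Scheme A (the questioner's proposal): hash the message, encrypt message || hash.
def encrypt_hash_inside(enc_key: bytes, nonce: bytes, msg: bytes) -> bytes:
    payload = msg + hashlib.sha256(msg).digest()
    return xor(payload, keystream(enc_key, nonce, len(payload)))


def decrypt_hash_inside(enc_key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Integrity can only be checked after decrypting; the hash is unkeyed.
    payload = xor(ct, keystream(enc_key, nonce, len(ct)))
    msg, digest = payload[:-DIGEST_LEN], payload[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha256(msg).digest(), digest):
        raise ValueError("hash mismatch")
    return msg


# Scheme B: encrypt-then-MAC with an independent MAC key.
def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, msg: bytes):
    ct = xor(msg, keystream(enc_key, nonce, len(msg)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def decrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    # Verify the keyed tag over the ciphertext first; only then decrypt.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC mismatch")
    return xor(ct, keystream(enc_key, nonce, len(ct)))


# Attacker: knows the original plaintext, wants the receiver to accept msg_new
# (same length), and has no key material at all.
def forge_hash_inside(ct: bytes, msg_known: bytes, msg_new: bytes) -> bytes:
    old = msg_known + hashlib.sha256(msg_known).digest()
    new = msg_new + hashlib.sha256(msg_new).digest()
    # XORing (old ^ new) into the ciphertext turns old into new under the keystream.
    return xor(ct, xor(old, new))


def forge_encrypt_then_mac(ct: bytes, tag: bytes, msg_known: bytes, msg_new: bytes):
    # The ciphertext is just as malleable, but the tag cannot be recomputed
    # without mac_key, so the receiver rejects the modified ciphertext.
    return xor(ct, xor(msg_known, msg_new)), tag


def demo() -> dict:
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)  # constructed
    msg_known = b"PAY $0100 TO ALICE"
    msg_new = b"PAY $9999 TO MALLY"  # same length as msg_known

    ct_a = encrypt_hash_inside(enc_key, nonce, msg_known)
    accepted_a = decrypt_hash_inside(enc_key, nonce, forge_hash_inside(ct_a, msg_known, msg_new))

    ct_b, tag_b = encrypt_then_mac(enc_key, mac_key, nonce, msg_known)
    forged_ct, forged_tag = forge_encrypt_then_mac(ct_b, tag_b, msg_known, msg_new)
    try:
        decrypt_then_mac(enc_key, mac_key, nonce, forged_ct, forged_tag)
        accepted_b = True
    except ValueError:
        accepted_b = False

    return {
        "hash_inside_forgery_accepted": accepted_a == msg_new,
        "encrypt_then_mac_forgery_accepted": accepted_b,
    }


if __name__ == "__main__":
    print(demo())
```

The forgery works against scheme A for any message length, not just the one shown, because the attacker never touches the keystream: it only changes the XOR difference between what was encrypted and what the receiver will decrypt. This is why the "original solution" in the answer computes a keyed MAC over the ciphertext and the receiver verifies it before decrypting.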
