What is the best way to authenticate an encrypted packet in a peer-to-peer application that uses a symmetric cipher and a shared private key?
I can think of several ways such as:

(1) HMAC(CBC(timestamp, plaintext)), CBC(timestamp, plaintext)
(2) CBC(HMAC(timestamp, plaintext), timestamp, plaintext)
(3) CBC(MD(timestamp, plaintext), timestamp, plaintext)

CBC is the CBC mode of some block cipher, HMAC is a keyed message digest, MD is a plain message digest, and timestamp is to protect against replay attacks.

(1) Takes the HMAC of the ciphertext and prepends it to the ciphertext prior to transmission.

(2) Takes the HMAC of the plaintext, prepends the HMAC to the plaintext, then encrypts the HMAC and plaintext together.

(3) is like (2) but uses an unkeyed message digest instead of the HMAC since it will be encrypted together with the message.

(1) and (2) need 2 keys, one for the cipher, and one for the HMAC. Should they be the same or different?

(2) and (3) benefit from the CBC feedback effects of encrypting the HMAC or MD & timestamp first.

I'd appreciate some feedback from the list on which method is most secure. I'd like to use (3) but I'm not sure whether an encrypted MD is as secure as an HMAC?

Thanks!
James Yonan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
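Construction (1) from the message above, written out as an added example (not code from the original post or from OpenSSL): the receiver checks the HMAC over the ciphertext before anything is decrypted, then checks the timestamp. Assumptions not in the post: separate cipher and HMAC keys, the IV is covered by the HMAC, a 30-second freshness window, hypothetical function names, and a SHA-256 Feistel stand-in for the block cipher so the block runs on the Python standard library alone.

```python
import hashlib, hmac, os, struct, time
BLOCK, TAG, WINDOW = 16, 32, 30  # block bytes, HMAC bytes, assumed freshness window (s)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):
    # Stand-in 16-byte block cipher (4-round Feistel over SHA-256), used only to keep
    # the example self-contained. It is not a vetted cipher; AES takes its place in practice.
    l, r = blk[:8], blk[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        f = lambda half: hashlib.sha256(key + bytes([i]) + half).digest()[:8]
        l, r = (_xor(r, f(l)), l) if decrypt else (r, _xor(l, f(r)))
    return l + r

def cbc_encrypt(key, iv, data):
    pad = BLOCK - len(data) % BLOCK  # PKCS#7 padding
    data += bytes([pad]) * pad
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = _block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(_block(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return out[:-out[-1]]  # strip padding; safe because the MAC was checked first

def seal(enc_key, mac_key, plaintext, now=None):  # HMAC(ciphertext) || ciphertext
    iv = os.urandom(BLOCK)
    stamp = struct.pack(">Q", int(time.time() if now is None else now))
    body = iv + cbc_encrypt(enc_key, iv, stamp + plaintext)
    return hmac.new(mac_key, body, hashlib.sha256).digest() + body

def open_packet(enc_key, mac_key, packet, now=None):
    tag, body = packet[:TAG], packet[TAG:]
    if len(body) < 2 * BLOCK or len(body) % BLOCK:
        raise ValueError("malformed packet")
    # Constant-time MAC check first: unauthenticated bytes never reach the cipher.
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("bad MAC")
    clear = cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])
    (stamp,) = struct.unpack(">Q", clear[:8])
    if abs((time.time() if now is None else now) - stamp) > WINDOW:
        raise ValueError("stale timestamp")
    return clear[8:]
```

A timestamp window alone still accepts a packet replayed inside the window; a receiver that needs to reject those also has to remember recently seen packets.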