1

Topic: MAC vs MIC in scrambled the channel

Let's admit, there is a client and the server, both of them have certificates. They produced TLS-hendshejk in which frames  each other, exchanged keys, selected enciphering parameters, all a rank on a rank. Further they produce an exchange  the traffic. That is, normal TLS with authentification of both sides. In this case, whether usage MAC for each message is superfluous? Why control of integrity of the message by means of more simple primitives (MIC, the digest proof ) is not used simply? What for  __ the message separately? How attack if instead of MAC for each message it will be used MIC can look?

2

Re: MAC vs MIC in scrambled the channel

Hello, the Anonymous author, you wrote: In this case, whether usage MAC for each message is superfluous? Why control of integrity of the message by means of more simple primitives (MIC, the digest proof ) is not used simply? What for  __ the message separately? How attack if instead of MAC for each message it will be used MIC can look? MAC normally it turns out, as almost the free supplement to enciphering of a packet by the block cipher in any reasonable mode. And if it is used block chaining in any type enciphering of the last unit hammered any padding' and gives MAC. I.e., in comparison with the block cipher overhead - enciphering of the superfluous unit. Proof  too suits, but overhead from it much more. As words MIC and  everything can be called, everything, therefore the further reasonings depend on decryption of this term. In early versions WiFi as MIC' it was used CRC32. As it is linear,  that it is possible to change packet contents, without knowing encrypting key, and to correct MIC in appropriate way so that the packet will look "complete". And it opens ample opportunities if to guess (for example, on the size of a packet), in what place in it it is necessary  to achieve interesting results (for example to replace $100 with $999).

3

Re: MAC vs MIC in scrambled the channel

Hello, Pzz, you wrote:> In this case, whether usage MAC for each message superfluous is? Why control of integrity of the message by means of more simple primitives (MIC, the digest proof ) is not used simply? What for  __ the message separately? How attack if instead of MAC for each message it will be used MIC can look? Pzz> MAC normally it turns out, as almost the free supplement to enciphering of a packet by the block cipher in any reasonable mode. And if it is used block chaining in any type enciphering of the last unit hammered any padding' and gives MAC. I.e., in comparison with the block cipher overhead - enciphering of the superfluous unit. Pzz> Proof  too suits with What  the protocol if instead of MAC (which the essence is one-sided conversion from  a key and the crude text) it will be used  (being one-sided conversion from the crude text without any additional keys) will be replenished. Or in other words: what unique useful function carries in itself  a key used in MAC provided that this MAC is allocated in the ciphered part of the message,  it is produced by the reliable cipher and encrypting keys already in advance . Like as in such conditions additional  the key for MAC does not introduce any . (I imply that a key by which the body of the message and a key used for MAC is ciphered are different keys) Pzz> Words MIC and  everything can be called, everything, therefore the further reasonings depend on decryption of this term. Pzz> In early versions WiFi as MIC' it was used CRC32. As it is linear,  that it is possible to change packet contents, without knowing encrypting key, and to correct MIC in appropriate way so that the packet will look "complete". And it opens ample opportunities if to guess (for example, on the size of a packet), in what place in it it is necessary  to achieve interesting results (for example to replace $100 with $999). Under MIC meant ' message integrity code ', CRC32 is basically it and is, but adjusted for  instead of CRC32 it is better to consider .

4

Re: MAC vs MIC in scrambled the channel

Hello, the Anonymous author, you wrote: by What  the protocol if instead of MAC (which the essence is one-sided conversion from  a key and the crude text) it will be used  (being one-sided conversion from the crude text without any additional keys) will be replenished. In sense, simply to apply on the ciphered packet a hash from the non-encoded data, and this  not to cipher in any way? Well, say, if the enemy knows plain text, and enciphering is arranged, as XOR between plain text' and pseudorandom sequence the enemy can change plain text for any another of the same size, and encrypting key for this purpose the nobility not it is necessary to it. And what for generally such perversion? To consider separately  it is more expensive, than to receive MAC as an enciphering by-product. Under MIC meant ' message integrity code ', CRC32 is basically it and is, but adjusted for  instead of CRC32 it is better to consider . In wifi MIC was ciphered. But it did not help it.

5

Re: MAC vs MIC in scrambled the channel

As the variant the channel can be protected and application is compromised the same viruses love  in browsers any windows  where the data is entered

6

Re: MAC vs MIC in scrambled the channel

Hello, Pzz, you wrote: Pzz> Hello, the Anonymous author, you wrote:>> with What  the protocol if instead of MAC (which the essence is one-sided conversion from  a key and the crude text) it will be used  (being one-sided conversion from the crude text without any additional keys) will be replenished. Pzz> In sense, simply to apply on the ciphered packet a hash from the non-encoded data, and this  not to cipher in any way? No. To plaintext to finish gluing  from plaintext and then all it to cipher. On  MAC-then-Encrypt, only to use not MAC and .

7

Re: MAC vs MIC in scrambled the channel

Hello, reversecode, you wrote: R> as variant R> the channel can be protected and application is compromised R> the same viruses love  in browsers any windows  where the data  is entered. I at all do not consider Such variant, if is fair. Against it no protection at transport level helps, including TLS, OTR and other

8

Re: MAC vs MIC in scrambled the channel

Hello, the Anonymous author, you wrote: No. To plaintext to finish gluing  from plaintext and then all it to cipher. On  MAC-then-Encrypt, only to use not MAC and . And it is possible to learn, what for?

9

Re: MAC vs MIC in scrambled the channel

Hello, Pzz, you wrote:> Is not present. To plaintext to finish gluing  from plaintext and then all it to cipher. On  MAC-then-Encrypt, only to use not MAC and . Pzz> And it is possible to learn, what for? Sports interest. By the first reviewing of a question the impression that in described circuit MAC  was made, however all persistently continue to use it. Or they know that that of that is not known by me, or are mistaken. Here, I want to clarify.

10

Re: MAC vs MIC in scrambled the channel

Hello, the Anonymous author, you wrote: Sports interest. By the first reviewing of a question the impression that in described circuit MAC  was made, however all persistently continue to use it. Or they know that that of that is not known by me, or are mistaken. Here, I want to clarify. Because MAC on the basis of AES' it is considered faster, than HASH on the basis of SHA

11

Re: MAC vs MIC in scrambled the channel

Hello, Pzz, you wrote:> with What  the protocol if instead of MAC (which the essence is one-sided conversion from  a key and the crude text) it will be used  (being one-sided conversion from the crude text without any additional keys) will be replenished. Pzz> In sense, simply to apply on the ciphered packet a hash from the non-encoded data, and this  not to cipher in any way? Pzz> well, say, if the enemy knows plain text, and enciphering is arranged, as XOR between plain text' and pseudorandom sequence the enemy can change plain text for any another of the same size, and encrypting key for this purpose the nobility not it is necessary to it. Precisely. Even if to cipher .