ietf-openpgp

Re: "The OpenPGP mail and news header" extension

2005-08-14 06:24:56

Jeroen Massar wrote:
On Thu, 2005-08-11 at 20:17 +0200, David Srbecky wrote:


Out of curiosity, is there any difference between preference=sign,encrypt and preference=encrypt,sign? I mean, does the order matter? Can you both sign an encrypted message and encrypt a signed message? (Where the latter means that you cannot verify the signature until you decrypt the message)


* encrypt(sign(message))

The receiver is the only one being able to read it and knows it comes
from you.


* sign(encrypt(message))

This allows one to send a message, encrypted to another person, that
person sees you send it, because of the signature, and that person can
only read it, because of the crypt.

Advantage here for privacy freaks: the receiver can never prove that the
received message (cleartext) was sent by you. The person can only show
the encrypted form, which doesn't tell a thing, unless that person shows
in public that the person decrypts it, which nicely shows everybody that
that person is telling some secret from you to the world. Of course if
that person doesn't care about the latter then you are still stuffed,
nothing to repudiate.

More importantly, perhaps, Krawczyk has shown that, in general, sign then encrypt is insecure.

--
>>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff