Mac in SSL record Protocol

Source: Internet
Author: User

The SSL message is encrypted. Why do I need a Mac? Will someone modify the message? If someone is afraid of modifying the message, can I add a digest? Why Mac? This is for fear of offline attacks. We can trust the protocol, but cannot trust encryption.Algorithm, Especially the ECB encryption algorithm.

MAC = hash [Shared-key, serial-num, data], Mac can prevent replay attacks and maintain data integrity, even if the ECB encryption algorithm is used to cause a part of the content to be guessed, the attacker cannot re-calculate the MAC value because she does not have a key and cannot use only one digest, especially in non-grouped encryption algorithms such as sequential encryption algorithms, attackers can use various methods to know part of the plain text without having to know the key. If she knows some of the messages in plain text and modifies them through various strange means, she probably calculated the digest value in a more strange way, and then replaced the original package in a more strange way. However, if a Mac is used, she cannot do this without knowing the key, and a factor in MAC computing is the serial number, which can also prevent replay attacks, therefore, Mac in SSL protects the integrity of data records to the maximum extent, while key encryption ensures the confidentiality of data records.
In short, the Mac security lies in the introduction of a private key to calculate the abstract. Theoretically, as long as the private key is exposed, the Mac attack is possible, this method is generally used offline. Therefore, the best protection is to constantly update the password and change the password before the offline attack is successful, without giving attackers any chance. In addition, there is no other...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.