For ssh packets, what is the advantage, if any, of not including the mac in the scope of the packet encryption?
Answers
Answered by
3

The MAC is NOT redundant.
As alluded to by Paŭlo Ebermann's comment, the word authentication has a different meaning in the two scenarios you mentioned.
In the key exchange phase of SSH, the purpose of authentication is to ensure to both parties that they are indeed talking to the right peer (if using mutual authentication). Typically, the server authenticates itself using its public key and the client uses a username and password.
In the SSH record layer phase (i.e., the sending of the actual application data), the purpose of authentication is to protect each individual data packet from tampering. This is achieved using the MAC. To encrypt application data SSH typically uses either AES incounter mode or in CBC mode. Neither of these modes of operation provides protection against tampering of the ciphertext. Thus they need to be accompanied with a MAC in order to detect this.
Consider e.g., the silly example where Alice sends the following message encrypted using AES in counter mode, but without any MAC:
The MAC is NOT redundant.
As alluded to by Paŭlo Ebermann's comment, the word authentication has a different meaning in the two scenarios you mentioned.
In the key exchange phase of SSH, the purpose of authentication is to ensure to both parties that they are indeed talking to the right peer (if using mutual authentication). Typically, the server authenticates itself using its public key and the client uses a username and password.
In the SSH record layer phase (i.e., the sending of the actual application data), the purpose of authentication is to protect each individual data packet from tampering. This is achieved using the MAC. To encrypt application data SSH typically uses either AES incounter mode or in CBC mode. Neither of these modes of operation provides protection against tampering of the ciphertext. Thus they need to be accompanied with a MAC in order to detect this.
Consider e.g., the silly example where Alice sends the following message encrypted using AES in counter mode, but without any MAC:
Similar questions
Social Sciences,
7 months ago
Math,
7 months ago
Business Studies,
1 year ago
India Languages,
1 year ago