Authenticated Encryption vs Encrypt-then-MAC
Developers should use Authenticated Encryption when handling sensitive data that requires both privacy and integrity, such as in secure communications (e meets developers should use encrypt-then-mac when building systems that require both data confidentiality and integrity, such as in secure messaging apps, financial transactions, or api communications. Here's our take.
Authenticated Encryption
Developers should use Authenticated Encryption when handling sensitive data that requires both privacy and integrity, such as in secure communications (e
Authenticated Encryption
Nice PickDevelopers should use Authenticated Encryption when handling sensitive data that requires both privacy and integrity, such as in secure communications (e
Pros
- +g
- +Related to: cryptography, symmetric-encryption
Cons
- -Specific tradeoffs depend on your use case
Encrypt-then-MAC
Developers should use Encrypt-then-MAC when building systems that require both data confidentiality and integrity, such as in secure messaging apps, financial transactions, or API communications
Pros
- +It prevents attacks like padding oracle exploits and ensures that any tampering with encrypted data is detected before decryption, making it safer than alternatives like MAC-then-encrypt or encrypt-and-MAC
- +Related to: cryptography, message-authentication-codes
Cons
- -Specific tradeoffs depend on your use case
The Verdict
Use Authenticated Encryption if: You want g and can live with specific tradeoffs depend on your use case.
Use Encrypt-then-MAC if: You prioritize it prevents attacks like padding oracle exploits and ensures that any tampering with encrypted data is detected before decryption, making it safer than alternatives like mac-then-encrypt or encrypt-and-mac over what Authenticated Encryption offers.
Developers should use Authenticated Encryption when handling sensitive data that requires both privacy and integrity, such as in secure communications (e
Disagree with our pick? nice@nicepick.dev