Is encryption useless without authentication?

by Gene Michael Stover

created Thursday, 2021 December 9
updated Tuesday, 2022 July 19

Someone told me that “Encryption is useless without authentication”.

I disagree.

Think about this simple description of a protocol...


It's not theoretical. This is how Transport Layer Security (TLS) works. It establishes privacy before authenticating either side. So it uses encryption to achieve privacy without authentication. The authentication occurs later in the protocol. So encryption is used without authentication; in fact, it's an assumption before the protocol attempts to authenticate.

Change Log