Is encryption useless without authentication?

by Gene Michael Stover

created Thursday, 2021 December 9

Someone told me that “Encryption is useless without authentication”.

I disagree.

Think about this simple description of a protocol...

• Client connects to server. (Just an octet-by-octet communication channel, such as TCP.)
• Client & server use the Diffie-Hellman key exchange method to establish a shared secret. (This does not require or establish authentication.)
• With the shared secret, the parties could use encryption for privacy or to detect tampering.

There are details (such as key size, initial settings, choice of hash functions) that must be decided for that final step to work, but the basics are that there are uses for encryption without authentication. They did not require authentication to get to that point in the protocol.

Change Log

cybertiggyr.com