From this popular Crypto.SE thread, the general feeling is that Encrypt-Then-MAC is the most secure. From the first answer, the poster says that Encrypt-And-MAC provides integrity of the plaintext. If I'm transferring classified data between two parties, then this plaintext integrity should prevent malicious modifications, right? Assuming there are no known-plaintext attacks feasible in this scenario, is Encrypt-And-MAC secure? The thread seems to recommend against it, although I can't see why it would be considered insecure.
Asked
Active
Viewed 533 times
