LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why doesn't encryption alone prevent masquerade attacks?

Encryption hides message content but doesn't verify who sent it — an attacker with the right key (or in asymmetric crypto, the public key) can encrypt messages pretending to be someone else.

Symmetric case: If Eve somehow obtains the shared key $K$, she can encrypt messages that look identical to Alice's messages. Bob cannot tell the difference.

Asymmetric case: Public keys are public! Anyone can encrypt a message with Bob's public key and claim to be Alice. Encryption proves nothing about the sender — only that the sender knew the recipient's public key.

The solution: Challenge-Response (C-R) protocols:

  1. Bob sends a random challenge (nonce) to Alice
  2. Alice must prove she knows a secret (e.g., sign the challenge with her private key)
  3. Bob verifies the response

This proves Alice's identity in real-time, not just that someone possesses a key.

Go deeper:

From Quiz: KRYPTOG / Fundamentals of Cryptography | Updated: Jul 14, 2026