LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why is encryption alone insufficient for secure communication — what additional protections are needed?

Encryption only provides confidentiality. Secure communication also requires integrity (MAC/signatures), authentication (protocols), and freshness (sequence numbers).

What encryption gives you: Protection against eavesdropping — Eve can't read the message.

What encryption does NOT give you:

Missing Property Attack Possible Solution
Integrity Modify encrypted data MAC or Digital Signature
Authenticity Insert fake messages MAC or Digital Signature
Non-repudiation Sender denies sending Digital Signature
Freshness Replay old messages Sequence numbers
Availability Delete messages Sequence numbers
User authentication Masquerade C-R Protocols

Real-world consequence: Early SSL/TLS versions that only encrypted (without proper integrity) were vulnerable to attacks like BEAST and POODLE. Modern TLS 1.3 uses authenticated encryption (AEAD) which combines confidentiality + integrity in a single operation.

Rule of thumb: Never use encryption without authentication. "Encrypt-then-MAC" or AEAD modes like AES-GCM are the standard approach.

Go deeper:

From Quiz: KRYPTOG / Fundamentals of Cryptography | Updated: Jul 14, 2026