this post was submitted on 10 Aug 2023
536 points (97.9% liked)
Programmer Humor
19623 readers
5 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The real question is do you encrypt-and-sign or sign-and-encrypt?
Encrypt then sign. Always authenticate before any other operations like decryption. Don't violate the cryptographic doom principle.
Encrypt then sign. Verification is often much faster than (or at worst as fast as) decryption. Signature can also be verified without decryption key, making it possible to verify the data along the way.