Encrypt-then-MAC

[taoeffect]

MAC-then-Encrypt has resulted in serious problems in other tools and protocols. It intuitively makes sense why that would be. You're willingly allowing data to be tampered with and for that tampering to go unnoticed. That's a serious problem. Why risk that at all if you could choose to not take such an unnecessary risk?

Reopened from: #19

[taoeffect]

The concern expressed here is covered in detail in a post titled “The Cryptographic Doom Principle”, which also discusses attacks, and goes over issues with SSH.