It is always recommended to compute a MAC signature of cyphertext and verify it before decryption. Failing to do so will leave you open to issues such as the recent ASP.NET padding oracle attack.
Log in to post a comment.
