I refer to Should we MAC-then-encrypt or encrypt-then-MAC?.
There are 15 answers (today) with many words. It is difficult to tell which is the correct(?) answer. Also, the question excludes the concept of informationally secure universal hashing, or the effects of the application of a one time pad to the (H)MAC.
The original question is binary. So the answer should be YES/NO. Can this debate be simplified?
Well, if you want a simple answer, it's: neither. Use a standard construction for authenticated encryption, don't roll your own.
See for example Choice of authenticated encryption mode for whole messages (although as I write, its answers are a bit dated). See also Should we use the new CAESAR competition ciphers?.
The design of the standard construction is probably based either on encrypt-then-MAC or on MAC-then-encrypt. Either can work if done right, and can fail if done wrong.
If you want a less simple answer… you know where to find Should we MAC-then-encrypt or encrypt-then-MAC?.
