picking a hash function to be encrypted
James A. Donald
jamesd at echeque.com
Mon May 15 20:33:06 EDT 2006
--
"Travis H." <solinym at gmail.com> writes:
>> So...
>>
>> Suppose I want a function to provide integrity and
>> authentication, and that is to be combined with a
>> stream cipher (as is the plaintext). I believe that
>> authentication is free once I have integrity given
>> the fact that the hash value is superencrypted using
>> the stream cipher, whose key is shared by only the
>> sender and recipient.
Eric Rescorla wrote:
> It's not safe to use a hash function this way if the
> content is known to the attacker.
The content therefore should always contain something
random - which other parts of the protocol usually
require for other reasons.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
j4gjR2yE9L2n/vvjYFQUivo5ojBm6HCmxw83+X+g
4016yUOsGdYzWmpwqKkShf8kATzoWg5BesEp42JuD
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list