how to encrypt and integrity-check with only one key

David-Sarah Hopwood david-sarah at jacaranda.org
Tue Sep 15 00:03:59 EDT 2009


Zooko Wilcox-O'Hearn wrote:
> following-up to my own post:
> 
> On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:
> 
>> David-Sarah Hopwood suggested the improvement that the integrity-check
>> value "V" could be computed as an integrity check (i.e. a secure hash)
>> on the K1_enc in addition to the file contents.
> 
> Oops, that's impossible.  What David-Sarah Hopwood actually said was
> that this would be nice if it were possible, but since it isn't then
> people should pass around the tuple of (v, K1_enc) whenever they want to
> verify the integrity of the ciphertext.
> 
> http://allmydata.org/pipermail/tahoe-dev/2009-September/002798.html

Zooko is referring to the argument after the first '-' in that post.
Note that the argument after the second '-' was wrong; see the correction in
<http://allmydata.org/pipermail/tahoe-dev/2009-September/002801.html>.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list