how to encrypt and integrity-check with only one key
David-Sarah Hopwood
david-sarah at jacaranda.org
Tue Sep 15 00:03:59 EDT 2009
Zooko Wilcox-O'Hearn wrote:
> following-up to my own post:
>
> On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:
>
>> David-Sarah Hopwood suggested the improvement that the integrity-check
>> value "V" could be computed as an integrity check (i.e. a secure hash)
>> on the K1_enc in addition to the file contents.
>
> Oops, that's impossible. What David-Sarah Hopwood actually said was
> that this would be nice if it were possible, but since it isn't then
> people should pass around the tuple of (v, K1_enc) whenever they want to
> verify the integrity of the ciphertext.
>
> http://allmydata.org/pipermail/tahoe-dev/2009-September/002798.html
Zooko is referring to the argument after the first '-' in that post.
Note that the argument after the second '-' was wrong; see the correction in
<http://allmydata.org/pipermail/tahoe-dev/2009-September/002801.html>.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list