[Cryptography] Solving Matt's hash problem

John Levine johnl at iecc.com
Sat Nov 19 10:53:52 EST 2022

It appears that Sam Hartman <hartmans at suchdamage.org> said:
>hashes that do make it easy to embed a fixed point.  You could do
>something like look for a certain structure in the message being hashed
>and exclude from hashing a certain structure.  For example look for
><hashgoeshere>abcdef09845...</hashgoeshere> and simply not include the
>contents of that tag in your hashing. 

That seems to be the usual workaround. DKIM (RFC 6376) adds a
signature header to a mail message with a hash of group of headers
including the signature header itself.  It does that by leaving out
the hash when hashing the header.  I know nobody thought that was
new or clever at the time.

It sounds like the answer to my original preimage/fixed-point question
is that it is probably no different from any other preimage problem
but that particular variation hasn't gotten a lot of attention.


More information about the cryptography mailing list