[25683] in cryptography@c2.net mail archive

Re: picking a hash function to be encrypted

daemon@ATHENA.MIT.EDU (James A. Donald)
Mon May 15 20:57:27 2006

X-Original-To: cryptography@metzdowd.com
Date: Tue, 16 May 2006 10:33:06 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: EKR <ekr@rtfm.com>
Cc: "Travis H." <solinym@gmail.com>,
	Cryptography <cryptography@metzdowd.com>
In-Reply-To: <86ves8dvrp.fsf@romeo.rtfm.com>

     --
"Travis H." <solinym@gmail.com> writes:
 >> So...
 >>
 >> Suppose I want a function to provide integrity and
 >> authentication, and that is to be combined with a
 >> stream cipher (as is the plaintext).  I believe that
 >> authentication is free once I have integrity given
 >> the fact that the hash value is superencrypted using
 >> the stream cipher, whose key is shared by only the
 >> sender and recipient.

Eric Rescorla wrote:
 > It's not safe to use a hash function this way if the
 > content is known to the attacker.

The content therefore should always contain something
random - which other parts of the protocol usually
require for other reasons.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      j4gjR2yE9L2n/vvjYFQUivo5ojBm6HCmxw83+X+g
      4016yUOsGdYzWmpwqKkShf8kATzoWg5BesEp42JuD

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
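
Added example, not part of the original message or the list archive: a Python sketch of the scheme discussed in the thread (stream-encrypt the content together with its SHA-256 hash). It shows the receiver's check accepting a changed message when the content is known, rejecting the same change when the content begins with a secret random prefix, and rejecting it under encrypt-then-HMAC, a keyed alternative added here. The SHAKE-256 keystream, the function names and the sample content are assumptions made for the demonstration.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # Stand-in stream cipher for the demo (SHAKE-256 as an XOF); an assumption.
    return hashlib.shake_256(key + nonce).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sha(data):
    return hashlib.sha256(data).digest()

def seal_hash(key, nonce, content):
    # Scheme from the thread: stream-encrypt content || SHA-256(content).
    body = content + sha(content)
    return xor(body, keystream(key, nonce, len(body)))

def open_hash(key, nonce, ct):
    body = xor(ct, keystream(key, nonce, len(ct)))
    content, tag = body[:-32], body[-32:]
    return content if hmac.compare_digest(tag, sha(content)) else None

def seal_mac(enc_key, mac_key, nonce, content):
    # Keyed alternative: encrypt, then HMAC-SHA-256 over nonce || ciphertext.
    ct = xor(content, keystream(enc_key, nonce, len(content)))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_mac(enc_key, mac_key, nonce, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def rewrite(ct, assumed, wanted):
    # Keyless in-transit change: XOR in the difference between the assumed
    # and the wanted (content || hash). Both contents have equal length.
    return xor(ct, xor(assumed + sha(assumed), wanted + sha(wanted)))

def demo():
    k, mk = os.urandom(32), os.urandom(32)
    n1, n2, n3 = (os.urandom(12) for _ in range(3))
    a, b = b"status=pending", b"status=shipped"  # constructed sample content
    r, guess = os.urandom(16), bytes(16)  # secret random prefix vs. a guess
    return {
        "known": open_hash(k, n1, rewrite(seal_hash(k, n1, a), a, b)),
        "random": open_hash(k, n2, rewrite(seal_hash(k, n2, r + a), guess + a, guess + b)),
        "hmac": open_mac(k, mk, n3, rewrite(seal_mac(k, mk, n3, a), a, b)),
    }
```

Calling demo() returns the result of each receiver check: the changed content for "known", and None (rejected) for "random" and "hmac".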