John wrote:
> Hi all,
> 
> (Apologies for asking two questions in quick succession on this
> mailing list: they were similar but distinct so I thought I should put
> two posts up. As before, any help is greatly appreciated).
> 
> The software I'm writing sends an encrypted file to a peer for safe
> keeping (for data backup purposes). The peer never needs to decrypt
> the file - only the sender knows the key.
> 
> The peer also is sent metadata about the file for later recovery.
> 
> My question is this: is there any harm in sending, in plaintext, the
> hash of the *original* plaintext file to the peer? This would be used
> when recovering the file to make sure it has been safely decrypted
> etc. Assume the hash would be cryptographically secure (i.e. SHA256).

Conditionally, yes. It can be used for massively distributed trial
decryption to verify that the trial was correct. However, in practical
terms, no, as encryption schemes often include in-band checksums anyhow.

Depends on your attack model, really.
_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde
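
Added example, not part of the original thread: a sketch of why the plaintext hash works as a correctness check for trial decryption, and why the outcome depends on the key space the attack model grants. The toy cipher, the sample file, the 12-bit candidate key space and all function names are assumptions constructed for this illustration.

```python
import hashlib

def toy_stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), constructed for this demo.
    Like a raw stream cipher, it has no in-band checksum: every key 'decrypts'."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def keys_confirmed_by_hash(ciphertext, plaintext_hash, candidate_keys):
    """Keys whose trial decryption hashes to the plaintext hash held as metadata."""
    return [k for k in candidate_keys
            if hashlib.sha256(toy_stream_xor(k, ciphertext)).digest() == plaintext_hash]

# Constructed sample file: structureless bytes, so a trial decryption cannot be
# judged right or wrong by inspecting the output alone.
SAMPLE_FILE = hashlib.sha256(b"constructed sample file").digest() * 4

# Assumption: the attack model grants a small key space (a 12-bit secret here).
CANDIDATE_KEYS = [n.to_bytes(2, "big") for n in range(1 << 12)]

def demo(key: bytes):
    """Encrypt the sample, publish its plaintext hash, and test every candidate key."""
    ciphertext = toy_stream_xor(key, SAMPLE_FILE)
    metadata_hash = hashlib.sha256(SAMPLE_FILE).digest()  # sent to the peer in the clear
    return keys_confirmed_by_hash(ciphertext, metadata_hash, CANDIDATE_KEYS)

if __name__ == "__main__":
    weak_key = (0x0ABC).to_bytes(2, "big")                        # inside the candidate set
    strong_key = hashlib.sha256(b"constructed 256-bit key").digest()  # outside it
    print("guessable key confirmed:", demo(weak_key))
    print("256-bit key confirmed:  ", demo(strong_key))
```

With a key drawn from a guessable space the hash singles out the correct key among all candidates; with a full-strength random key the same metadata confirms nothing, because no candidate ever matches.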