>> My question is this: is there any harm in sending, in plaintext, the
>> hash of the *original* plaintext file to the peer? This would be used
>> when recovering the file to make sure it has been safely decrypted
>> etc. Assume the hash would be cryptographically secure (i.e. SHA256)
> Conditionally, yes. It can be used for massively distributed trial
> decryption to verify that the trial was correct. However, in practical
> terms, no, as encryption schemes often include inband checksums anyhow.

I don't really agree that encryption schemes often include checksums. Certainly key-wrapping protocols include a checksum, but almost all other schemes just encrypt. Some schemes allow for the inclusion of an optional digital signature, such as with CMS or OpenPGP, but they are rarely used in applications.

Other than the trial decryption, I'm not aware of any leakage of data from hashing.

If you are worried about the hash, consider a keyed hash message authentication code. It has the same length of output as the underlying hash. Just do not use the same key as you use for encryption.

Eric Lengvenis

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde
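The following is an added illustration of the keyed-hash suggestion in the reply above; it is example code, not code from the thread or from any FDE project. It contrasts publishing a plain SHA-256 of the plaintext (which anyone holding a candidate plaintext can check against, the trial-decryption point) with an HMAC-SHA256 tag under a MAC key derived separately from the encryption key. The derivation labels, the master key and the sample file contents are constructed assumptions.

```python
import hashlib
import hmac
import os

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for both SHA-256 and HMAC-SHA256


def derive_keys(master_key: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from one master secret.

    HMAC is used as a PRF with distinct labels for domain separation, so the
    MAC key is never the same as the encryption key (the labels are
    assumptions for this example).
    """
    enc_key = hmac.new(master_key, b"file-encryption-key", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"file-integrity-key", hashlib.sha256).digest()
    return enc_key, mac_key


def plaintext_hash(data: bytes) -> bytes:
    """Unkeyed SHA-256 of the original plaintext, as in the question."""
    return hashlib.sha256(data).digest()


def plaintext_tag(mac_key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 over the plaintext; same output length as plaintext_hash."""
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def verify_recovered(mac_key: bytes, recovered: bytes, expected_tag: bytes) -> bool:
    """Check a decrypted file against the stored tag in constant time."""
    return hmac.compare_digest(plaintext_tag(mac_key, recovered), expected_tag)


def unkeyed_hash_confirms_candidate(published_hash: bytes, candidate: bytes) -> bool:
    """With a plain hash, any observer can confirm whether a candidate plaintext
    is the original; this is exactly what makes trial decryption verifiable."""
    return hmac.compare_digest(hashlib.sha256(candidate).digest(), published_hash)


def keyed_tag_confirms_candidate_without_key(published_tag: bytes, candidate: bytes) -> bool:
    """Without the MAC key an observer can only hash the candidate, which will not
    match the HMAC tag, so the tag does not confirm the guess."""
    return hmac.compare_digest(hashlib.sha256(candidate).digest(), published_tag)


def demo() -> dict:
    """Run the comparison on a constructed file and return the observations."""
    master_key = b"\x01" * 32          # constructed; use os.urandom(32) in practice
    file_contents = b"constructed sample file contents\n"

    enc_key, mac_key = derive_keys(master_key)
    published_hash = plaintext_hash(file_contents)
    published_tag = plaintext_tag(mac_key, file_contents)

    # The receiver decrypts and checks integrity with the shared MAC key.
    recovered_ok = verify_recovered(mac_key, file_contents, published_tag)
    recovered_bad = verify_recovered(mac_key, file_contents + b"x", published_tag)

    return {
        "keys_differ": enc_key != mac_key,
        "same_output_length": len(published_hash) == len(published_tag) == HASH_LEN,
        "recovered_ok": recovered_ok,
        "recovered_tampered": recovered_bad,
        "hash_confirms_guess": unkeyed_hash_confirms_candidate(published_hash, file_contents),
        "tag_confirms_guess_without_key": keyed_tag_confirms_candidate_without_key(
            published_tag, file_contents
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The receiver needs the MAC key to run `verify_recovered`, so the key has to travel by the same protected channel as the encryption key; `hmac.compare_digest` is used for every comparison so that verification time does not depend on where the first mismatching byte is.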