"Travis H." <[EMAIL PROTECTED]> writes:
>> So...
>> Suppose I want a function to provide integrity and
>> authentication, and that is to be combined with a
>> stream cipher (as is the plaintext).  I believe that
>> authentication is free once I have integrity given
>> the fact that the hash value is superencrypted using
>> the stream cipher, whose key is shared by only the
>> sender and recipient.

Eric Rescorla wrote:
> It's not safe to use a hash function this way if the
> content is known to the attacker.

The content therefore should always contain something
random - which other parts of the protocol usually
require for other reasons.

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to