--
"Travis H." <[EMAIL PROTECTED]> writes:
>> So...
>>
>> Suppose I want a function to provide integrity and
>> authentication, and that is to be combined with a
>> stream cipher (as is the plaintext).  I believe that
>> authentication is free once I have integrity given
>> the fact that the hash value is superencrypted using
>> the stream cipher, whose key is shared by only the
>> sender and recipient.

Eric Rescorla wrote:
> It's not safe to use a hash function this way if the
> content is known to the attacker.

The content therefore should always contain something
random - which other parts of the protocol usually
require for other reasons.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     j4gjR2yE9L2n/vvjYFQUivo5ojBm6HCmxw83+X+g
     4016yUOsGdYzWmpwqKkShf8kATzoWg5BesEp42JuD

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to