Hi Trevor, thanks for you reply
> If you hash everything together you have to worry about > collision-resistance, so you still need a similar-sized value (e.g. > 200 bits). I thought about this for a while, and I see what you mean. Since hashing the values together means Mallory can switch out keys on both sides, not just Bob's, the attack scenario shifts from preimage(B) to collision(A'B'). That makes sense, - too bad, really :) - V _______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
