Re: how to encrypt and integrity-check with only one key

[David-Sarah Hopwood]

Zooko Wilcox-O'Hearn wrote:
> following-up to my own post:
> 
> On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:
> 
>> David-Sarah Hopwood suggested the improvement that the integrity-check
>> value "V" could be computed as an integrity check (i.e. a secure hash)
>> on the K1_enc in addition to the file contents.
> 
> Oops, that's impossible.  What David-Sarah Hopwood actually said was
> that this would be nice if it were possible, but since it isn't then
> people should pass around the tuple of (v, K1_enc) whenever they want to
> verify the integrity of the ciphertext.
> 
> http://allmydata.org/pipermail/tahoe-dev/2009-September/002798.html

Zooko is referring to the argument after the first '-' in that post.
Note that the argument after the second '-' was wrong; see the correction in
.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Re: how to encrypt and integrity-check with only one key

[Zooko Wilcox-O'Hearn]

following-up to my own post:

On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:

David-Sarah Hopwood suggested the improvement that the integrity- 
check value "V" could be computed as an integrity check (i.e. a  
secure hash) on the K1_enc in addition to the file contents.


Oops, that's impossible.  What David-Sarah Hopwood actually said was  
that this would be nice if it were possible, but since it isn't then  
people should pass around the tuple of (v, K1_enc) whenever they want  
to verify the integrity of the ciphertext.


http://allmydata.org/pipermail/tahoe-dev/2009-September/002798.html

Regards,

Zooko


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com