[144856] in cryptography@c2.net mail archive
Re: how to encrypt and integrity-check with only one key
daemon@ATHENA.MIT.EDU (David-Sarah Hopwood)
Tue Sep 15 11:38:16 2009
Date: Tue, 15 Sep 2009 05:03:59 +0100
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
To: cryptography@metzdowd.com
In-Reply-To: <96AF2A0D-CB1A-42B4-838B-A1DBB1147F43@zooko.com>
Zooko Wilcox-O'Hearn wrote:
> following-up to my own post:
>=20
> On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:
>=20
>> David-Sarah Hopwood suggested the improvement that the integrity-check=
>> value "V" could be computed as an integrity check (i.e. a secure hash)=
>> on the K1_enc in addition to the file contents.
>=20
> Oops, that's impossible. What David-Sarah Hopwood actually said was
> that this would be nice if it were possible, but since it isn't then
> people should pass around the tuple of (v, K1_enc) whenever they want t=
o
> verify the integrity of the ciphertext.
>=20
> http://allmydata.org/pipermail/tahoe-dev/2009-September/002798.html
Zooko is referring to the argument after the first '-' in that post.
Note that the argument after the second '-' was wrong; see the correction=
in
<http://allmydata.org/pipermail/tahoe-dev/2009-September/002801.html>.
--=20
David-Sarah Hopwood =E2=9A=A5 http://davidsarah.livejournal.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com