[17140] in cryptography@c2.net mail archive

Re: Propping up SHA-1 (or MD5)

daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Mar 25 10:18:38 2005

X-Original-To: cryptography@metzdowd.com
From: Florian Weimer <fw@deneb.enyo.de>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Cryptography <cryptography@metzdowd.com>, saag@mit.edu
Date: Wed, 23 Mar 2005 17:35:50 +0100
In-Reply-To: <423EB67C.1000004@algroup.co.uk> (Ben Laurie's message of "Mon,
	21 Mar 2005 11:56:44 +0000")

* Ben Laurie:

> Musing on these points, I wondered about the construction:
>
> H'(x)=H(H(x) || H(H(x) || x))
>
> which doesn't allow an attacker any choice, doesn't change APIs

Unfortunately, it does, in a rather fundamental way: streamed
processing is no longer possible.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
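
The streaming cost raised in the reply, as an added example that is not part of the original message: H'(x) needs H(x) before the first byte of x can be fed to the inner hash, so x must be read twice. The names `h_prime_oneshot`, `h_prime_stream` and `OneWay`, and the choice of SHA-1 as H, are assumptions made for illustration.

```python
import hashlib
import io

CHUNK = 64 * 1024


def h_prime_oneshot(data: bytes, algo: str = "sha1") -> bytes:
    """H'(x) = H(H(x) || H(H(x) || x)) with all of x already in memory."""
    inner = hashlib.new(algo, data).digest()
    mid = hashlib.new(algo, inner + data).digest()
    return hashlib.new(algo, inner + mid).digest()


def _digest_stream(stream, algo: str, prefix: bytes = b"") -> bytes:
    """Hash prefix || remaining stream contents, reading in chunks."""
    h = hashlib.new(algo, prefix)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.digest()


def h_prime_stream(stream, algo: str = "sha1"):
    """Compute H'(x) over a file-like object.

    Returns (digest, bytes_buffered). A seekable source is rewound and read
    a second time; a one-way source (pipe, socket) has to be held in memory
    in full, which is exactly the loss of streamed processing.
    """
    buffered = 0
    if not stream.seekable():
        data = stream.read()          # no way around keeping all of x
        buffered = len(data)
        stream = io.BytesIO(data)
    start = stream.tell()
    inner = _digest_stream(stream, algo)                # pass 1: H(x)
    stream.seek(start)                                  # rewind for pass 2
    mid = _digest_stream(stream, algo, prefix=inner)    # pass 2: H(H(x) || x)
    return hashlib.new(algo, inner + mid).digest(), buffered


class OneWay(io.BytesIO):
    """Constructed stand-in for a pipe or socket: readable, not seekable."""

    def seekable(self) -> bool:
        return False


if __name__ == "__main__":
    msg = b"constructed sample message " * 10000   # constructed input
    print(h_prime_stream(io.BytesIO(msg))[0].hex(), "seekable, buffered 0")
    print(h_prime_stream(OneWay(msg))[1], "bytes buffered for one-way input")
```
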
