Re: Does OTP need authentication?
From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 12/14/03
- Next message: Rickey Braddam: "Re: IP Level Encryption (kind of long)"
- Previous message: Tom St Denis: "Re: Does OTP need authentication?"
- In reply to: David Wagner: "Re: Does OTP need authentication?"
- Next in thread: David Wagner: "Re: Does OTP need authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 13 Dec 2003 23:33:35 GMT
"David Wagner" <daw@taverner.cs.berkeley.edu> wrote in message
news:brg7d6$1uqv$2@agate.berkeley.edu...
> Markus Jansson wrote:
> >Make a SHA-1 checksum of the data and store it at the end of the message
> >that is to be encrypted with OTP. Then recipient decrypts the message,
> >calculates the checksum and compares it to the checksum that came inside
> >the message and see if they are identical. Voila!
>
> Only one problem: it's not secure.
>
> (Think about known-plaintext attacks, for instance.)
Um? So you will know the hash? So what? You can't find a collision for
that pre-image you can impostor the message.
Tom
- Next message: Rickey Braddam: "Re: IP Level Encryption (kind of long)"
- Previous message: Tom St Denis: "Re: Does OTP need authentication?"
- In reply to: David Wagner: "Re: Does OTP need authentication?"
- Next in thread: David Wagner: "Re: Does OTP need authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
