Message Confidentiality and Integrity - Prepend Hash versus Append Hash



Hi All,

Given a message m, are the two below equivalent (prepending a hash
versus appending a hash):

E_k( h(m) || m ) and E_k( m || h(m) )

Handbook of Applied Cryptography tells me to use E_k( m || h(m) ) to
achieve confidentiality and integrity [1].

In practice, appending the hash is more difficult (in terms of
programming logic) if the message is not on a BLOCKSIZE boundary,
since we have to deal with 'tail bytes' before padding.

Things become much simpler if I can perform E_k( h(m) || m ) since
h(m) is always on a BLOCKSIZE boundary.

Jeff

[1] Online book: http://www.cacr.math.uwaterloo.ca/hac/, p. 365.
.



Relevant Pages