Message Confidentiality and Integrity - Prepend Hash versus Append Hash
- From: Jeffrey Walton <noloader@xxxxxxxxx>
- Date: Fri, 8 Aug 2008 13:57:20 -0700 (PDT)
Hi All,
Given a message m, are the two below equivalent (prepending a hash
versus appending a hash):
E_k( h(m) || m ) and E_k( m || h(m) )
Handbook of Applied Cryptography tells me to use E_k( m || h(m) ) to
achieve confidentiality and integrity [1].
In practice, appending the hash is more difficult (in terms of
programming logic) if the message is not on a BLOCKSIZE boundary,
since we have to deal with 'tail bytes' before padding.
Things become much simpler if I can perform E_k( h(m) || m ) since
h(m) is always on a BLOCKSIZE boundary.
Jeff
[1] Online book: http://www.cacr.math.uwaterloo.ca/hac/, p. 365.
.
- Follow-Ups:
- Re: Message Confidentiality and Integrity - Prepend Hash versus Append Hash
- From: David Wagner
- Re: Message Confidentiality and Integrity - Prepend Hash versus Append Hash
- From: karl malbrain
- Re: Message Confidentiality and Integrity - Prepend Hash versus Append Hash
- Prev by Date: looking for an openssl activex implementation using Blowfish or AES
- Next by Date: Re: looking for an openssl activex implementation using Blowfish or AES
- Previous by thread: looking for an openssl activex implementation using Blowfish or AES
- Next by thread: Re: Message Confidentiality and Integrity - Prepend Hash versus Append Hash
- Index(es):
Relevant Pages
|
