[tahoe-dev] Choice of tree-hash
David-Sarah Hopwood
david-sarah at jacaranda.org
Mon Sep 24 19:43:56 UTC 2012
On 24/09/12 20:35, David-Sarah Hopwood wrote:
> On 23/09/12 20:11, Tony Arcieri wrote:
>> Why not use a hash (tree) of the ciphertext for this purpose? I suppose encrypting the
>> hash of the plaintext accomplishes the same thing...
>
> In addition to CodesInChaos' reply:
>
> Integrity checking using a hash of the ciphertext relies on the decryption being
> correct. Checking using an encrypted hash of the plaintext does not: the check will
> fail if there is an error in either the decryption of the encrypted-hash, or the
> decryption of the ciphertext.
... and also if there is an error in the computation of the hash, unless it is a
deterministic error producing the same wrong value when it was originally computed
and when it is checked.
--
David-Sarah Hopwood ⚥
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20120924/963a1dae/attachment.pgp>
More information about the tahoe-dev
mailing list