Hi denote23,
On Sun, May 2, 2010 at 4:08 AM, denot...@libero.it <denot...@libero.it> wrote:
> Hi all
>
> wha's the best way to do a <---- H(M || T) ??
>From your follow up email, it appears you've got the API figured out.
> H is a one-way function (preferably SHA1)
SHA1 is great for Web interop, but it is beyond its useful life, and
should not be considered secure. Its security level has been reduced
to 2^50.
> M is a message (string or binary data)
> T ,a are a BIGNUM
> || concat
H(M || T) is interesting, assuming 'T' is some sort of authentication
tag ('T' customarily denotes the tag in crypto). I'm used to seeing
E(M || H(M)) for an integrity check added to a message, but not H(M ||
T). Did you 'roll your own' scheme? By the way, if you got E(M ||
H(M)) from Handbook of Applied Cryptography (section 9.6), don't use
it. Its probably not secure (a lot has changed since HAC was written
in the mid-1990s).
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
