On 5 August 2015 22:35:10 CEST, Florian Weimer <f...@deneb.enyo.de> wrote:
>Suppose I have a sequence of words over some alphabet, and I want to
>compute a cryptographically secure hash over that. Simply
>concatenating the hashes to form a single word does not work because
>the word boundaries might have been meaningful and not implicit in the
>inputs, and then you have second preimages etc. I guess this is why
>we have DER, among other reasons.
Isn't the normal way to effectively introduce an alphabet A' that is a superset
of A plus a word separator? You know like A=a-z A'=A+ space?
And/or introduce groupings - but that should be equivalent (eg: you want to
send arbitrary length bit-string "words", so you decide to treat the 8 first
bits as word length in binary, possibly with 8th bit as signal for word longer
than 127 bits; new 8 bit length field before word...).
In the first case you need a hash function over A' rather than A; In both you
need a decode step to get back to either words in A or extracting the
bitstrings you wanted?
>I've been asked to provide some citation for this observation, but I
>can't find a proper reference. Any suggestions?
Isn't this trivial? {a,aa} != {aaa} ?
Apologies if I'm completely missing your point.
Best regards,
Eirik S
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
