1. append a secret that both parties know hash this block. Send the message and the hash with it (obviously don't send the secret :)).
2. If a person intercepts the messages he can't change it cos he doens't know the secret you appended and because the hash is one way there is no way for that person to reverse the process and find the key .. 3. Person at the other end appends secret to your messages and verifies hash. cheers, Rory On Thu, 11 Jul 2002, Britt A. Green wrote: > Out of curiosity, what prevents someone from intercepting this message, > changing it and replacing it with their own SHA-1 hash? > > -- > "My mom says I'm cool." > > ----- Original Message ----- > From: "Cheryl Goh" <[EMAIL PROTECTED]> > To: "Mario Behring" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, July 09, 2002 9:51 PM > Subject: Re: 3DES versus SHA-1 > > > > Hello Mario, > > > > 3DES and SHA-1 are two different encryption algorithms. 3DES is a > symmetric > > algo and SHA-1 is a hashing algo. > > > > A typical scenario would be : > > > > The message is encrypted using 3DES to ensure that even if the message is > > intercepted the intruder is unable to view the message. > > > > SHA-1 is used to create a hash of the message and this hash is sent along > > with the message to the receiver. When the recipients receives the > message, > > he recalculates the hash to see if they both match. If the hash matches > then > > the message is original and has not been tampered with. > > > > In short, SHA-1 maintains the integrity of the message and 3DES maintains > > the confidentiality of the message. They are both used in tandem. > > > > Cheryl Goh > > Security Consultant, CISSP > > -- ----Rory
