[cryptography] Word-boundary-sensitive hashing

Florian Weimer fw at deneb.enyo.de
Wed Aug 5 16:35:10 EDT 2015

Suppose I have a sequence of words over some alphabet, and I want to
compute a cryptographically secure hash over that.  Simply
concatenating the hashes to form a single word does not work because
the word boundaries might have been meaningful and not implicit in the
inputs, and then you have second preimages etc.  I guess this is why
we have DER, among other reasons.

I've been asked to provide some citation for this observation, but I
can't find a proper reference.  Any suggestions?

More information about the cryptography mailing list