[cryptography] Word-boundary-sensitive hashing

Eirik crypto-discuss-list at s.hypertekst.net
Thu Aug 6 05:16:25 EDT 2015

On 5 August 2015 22:35:10 CEST, Florian Weimer <fw at deneb.enyo.de> wrote:
>Suppose I have a sequence of words over some alphabet, and I want to
>compute a cryptographically secure hash over that.  Simply
>concatenating the hashes to form a single word does not work because
>the word boundaries might have been meaningful and not implicit in the
>inputs, and then you have second preimages etc.  I guess this is why
>we have DER, among other reasons.

Isn't the normal way to effectively introduce an alphabet A' that is a superset of A plus a word separator? You know like A=a-z A'=A+ space?

And/or introduce groupings - but that should be equivalent (eg: you want to send arbitrary length bit-string "words", so you decide to treat the 8 first bits as word length in binary, possibly with 8th bit as signal for word longer than 127 bits; new 8 bit length field before word...).

In the first case you need a hash function over A' rather than A; In both you need a decode step to get back to either words in A or extracting the bitstrings you wanted?

>I've been asked to provide some citation for this observation, but I
>can't find a proper reference.  Any suggestions?

Isn't this trivial? {a,aa} != {aaa} ?

Apologies if I'm completely missing your point.

Best regards,

Eirik S

More information about the cryptography mailing list