[cryptography] Word-boundary-sensitive hashing

Florian Weimer fw at deneb.enyo.de
Thu Aug 13 18:11:34 EDT 2015


* Eirik:

> On 5 August 2015 22:35:10 CEST, Florian Weimer <fw at deneb.enyo.de> wrote:
>>Suppose I have a sequence of words over some alphabet, and I want to
>>compute a cryptographically secure hash over that.  Simply
>>concatenating the hashes to form a single word does not work because
>>the word boundaries might have been meaningful and not implicit in the
>>inputs, and then you have second preimages etc.  I guess this is why
>>we have DER, among other reasons.
>
> Isn't the normal way to effectively introduce an alphabet A' that is a
> superset of A plus a word separator? You know like A=a-z A'=A+ space?

Explicit framing instead of quoting/escaping is probably more robust
and easier to implement, at least for digest computation.

>>I've been asked to provide some citation for this observation, but I
>>can't find a proper reference.  Any suggestions?
>
> Isn't this trivial? {a,aa} != {aaa} ?

I think it is, but sufficiently many people accept something as true
only if it is published in a peer-reviewed paper.
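
An added example, not part of the original post: a Python sketch of the {a,aa} versus {aaa} ambiguity from the thread, comparing plain concatenation, the separator approach with and without escaping, and explicit length framing. The function names, the choice of SHA-256 and the 8-byte length prefix are assumptions made for this illustration.

```python
import hashlib
import struct

SEP, ESC = b" ", b"\\"   # separator and escape byte (assumed for this example)

def hash_concat(words):
    """Hash the plain concatenation; word boundaries are lost."""
    return hashlib.sha256(b"".join(words)).hexdigest()

def hash_separated(words, escape=True):
    """Terminate each word with SEP. Injective only if SEP cannot occur
    in a word, or if SEP and ESC are escaped inside words."""
    h = hashlib.sha256()
    for w in words:
        if escape:
            w = w.replace(ESC, ESC + ESC).replace(SEP, ESC + SEP)
        h.update(w + SEP)
    return h.hexdigest()

def hash_framed(words):
    """Explicit framing: each word is preceded by its length as a
    fixed-width 8-byte big-endian integer, so no escaping is needed."""
    h = hashlib.sha256()
    for w in words:
        h.update(struct.pack(">Q", len(w)))
        h.update(w)
    return h.hexdigest()

# Constructed inputs: the thread's {a, aa} vs {aaa}, plus a word that
# contains the separator byte itself.
A, B = [b"a", b"aa"], [b"aaa"]
C, D = [b"a b"], [b"a", b"b"]

if __name__ == "__main__":
    print("concat      A == B:", hash_concat(A) == hash_concat(B))
    print("sep, no esc C == D:", hash_separated(C, False) == hash_separated(D, False))
    print("sep, esc    C == D:", hash_separated(C) == hash_separated(D))
    print("framed      A == B:", hash_framed(A) == hash_framed(B))
    print("framed      C == D:", hash_framed(C) == hash_framed(D))
```
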

