[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with bit-twiddlers



On Thu, 2002-03-28 at 01:19, Nick Mathewson wrote:
  [...]
> 3) Every header contains a hash of the next header.  The last header has
> a hash of the "header portion" of the payload.  The payload's header has
> a hash of the payload.
> 
> This would entail another kind of type specification, where a message
> would be of the form:
>        MH1 MH2 MH3 MH4 E_{K1..4}(CH1 (CH2 (CH3 Content)))
 [...]
> **Clearly, (3) is the one I liked best. :)

Except that (3) wouldn't work, naturally.  Suppose I (an adversary)
control nodes 1, 3, and 4 in a 4-node cascade.  I can make node 1 tag
the portions of each header intended for node 4.  If the honest node 2
can only check the part of the header intended for node 3, then it won't
catch the tampered message, but I can still differentiate the tampered
message at node 4.

George's current direction may be more fruitful.

-- 
Nick