to hash or not to hash? (and when!?)
843811 | Mar 5 2007 — edited Mar 25 2007
hey all,
i am thinking - in theory (although i am implementing it in parallel) - about the following thing. I have a communication between a client and a server and i want to protect all the messages from modification and authentication. Let's say that the server creates a message and wants to send it securely to the client. When should it hash it?
Case 1: It hashes the original (plaintext) message and then it encrypts the message and the hashed value (with the public key of the client) and sends the encrypted (object) packet to the other side.
Case 2: It encrypts the original message and it hashes the encrypted outcome and then sends the encrypted message with the hashed calculated value (which is unencrypted).
In the first case, if someone wants to tamper with the message, he will tamper with the encrypted packet and thus the decryption will not take place correctly on the client's side (what is the use of the hash here?). Moreover, if the client decrypts the received packet correctly there is no use in checking the hash value. In the second case, even if the client produces its own hashed value of the encrypted message there is no use, because even if someone changes the value of the hash or the encrypted packet then again the decryption will fail...
the question is...what and when do you hash? the original text and then you encrypt the message and the hashed value, or do you encrypt the message and then produce a hash from it?
i am looking for a conversation if anyone wants to discuss this issue...
thx a looooot!
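
An added example, not part of the original post: it runs Case 2 (unkeyed hash of the ciphertext, sent in clear) against a one-bit modification in transit, and goes beyond the post by comparing it with a keyed tag (HMAC-SHA256) over the same ciphertext. Assumptions: a toy symmetric stream cipher stands in for the public-key encryption the post describes, a separate MAC key is shared by both sides, and all function names, keys and the message are constructed for illustration.

```python
import hashlib
import hmac

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not for real use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def send_case2(enc_key: bytes, msg: bytes):
    """Case 2: encrypt, then attach an unkeyed hash of the ciphertext in clear."""
    ct = xor_stream(enc_key, msg)
    return ct, hashlib.sha256(ct).digest()

def recv_case2(enc_key: bytes, ct: bytes, digest: bytes) -> bytes:
    if not hmac.compare_digest(hashlib.sha256(ct).digest(), digest):
        raise ValueError("hash mismatch")
    return xor_stream(enc_key, ct)

def send_mac(enc_key: bytes, mac_key: bytes, msg: bytes):
    """Variant: the tag over the ciphertext is keyed (HMAC-SHA256)."""
    ct = xor_stream(enc_key, msg)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def recv_mac(enc_key: bytes, mac_key: bytes, ct: bytes, tag: bytes) -> bytes:
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC mismatch")
    return xor_stream(enc_key, ct)

def flip_first_bit(ct: bytes) -> bytes:
    """Models a modification in transit by a party that holds no key."""
    return bytes([ct[0] ^ 0x01]) + ct[1:]

def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    msg = b"status=ok"  # constructed sample message
    forged = flip_first_bit(send_case2(enc_key, msg)[0])
    # An unkeyed hash can be recomputed by anyone, so the receiver's check passes.
    accepted = recv_case2(enc_key, forged, hashlib.sha256(forged).digest())
    ct, tag = send_mac(enc_key, mac_key, msg)
    try:
        recv_mac(enc_key, mac_key, flip_first_bit(ct), tag)
        detected = False
    except ValueError:
        detected = True
    return accepted, detected
```

Calling `demo()` shows the Case 2 receiver accepting an altered plaintext without any decryption error, while the keyed tag rejects the same modification.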