Re: Avoiding extension attack


sci.crypt archive


From: Jean-Luc Cooke <jlcooke@engsoc.org>
Date: Tue Feb 07 2006 - 17:04:36 CET

Are you aware that modern hashes use the length to help avoid this?

Perhaps you took this into account; can you please explain all your
symbols?

JLC

alexiswarner@gmail.com wrote:
> I am considering the following "addition" to the Preneel-Miyaguchi hash
> scheme to avoid the "extension attack" (calculating the hash of M || M'
> without knowing M, but only the hash of M):

> H_0 = 0
> H_i = E(H_i-1, M_i) + H_i-1 + M_i (i = 1 .. m)
> H_m+1 = E(0, H_m + L) + H_m + L

> where
> a) M = M_1 || M_2 || .... || M_m is an L-bit message, and M_i are blocks
> b) M_m is right padded with zeros if necessary
> c) + is xor
> e) E(K, X) is the encryption function
> f) H_m+1 is the hash of M

> Do you see any flaw?
> Was this tried before? Any links?

> Thanks
> ---
> Alexis Machado

-- 
Received on Tue Feb 7 21:00:13 2006
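
Added example, not part of the original posts: the quoted construction written out in Python, comparing the chain without the final step (H_m published) against the proposed H_m+1. The cipher E is a stand-in (a toy Feistel over SHA-256), and the 8-byte block size and sample strings are assumptions; the check covers only continuing the iteration from the published value, not any other attack.

```python
import hashlib

BLOCK = 8  # bytes per block; toy size assumed for this example

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, block):
    """Stand-in block cipher (assumption): 4-round Feistel, SHA-256 round function."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def blocks(msg):
    """Split into blocks, right-padding the last one with zeros (item b)."""
    if len(msg) % BLOCK:
        msg += b"\x00" * (BLOCK - len(msg) % BLOCK)
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def chain(msg, h=bytes(BLOCK)):
    """H_i = E(H_i-1, M_i) + H_i-1 + M_i, from H_0 = 0 unless a state is given."""
    for m in blocks(msg):
        h = xor(xor(E(h, m), h), m)
    return h

def finalize(h, nbits):
    """H_m+1 = E(0, H_m + L) + H_m + L, with L the message length in bits."""
    x = xor(h, nbits.to_bytes(BLOCK, "big"))
    return xor(E(bytes(BLOCK), x), x)

def hash_with_length(msg):
    return finalize(chain(msg), len(msg) * 8)

def demo():
    secret = b"constructed-key-"   # constructed sample, exactly two blocks
    suffix = b"appended"           # constructed sample, one block
    nbits = (len(secret) + len(suffix)) * 8
    # Without the final step: continue the iteration from the published H_m.
    plain = chain(suffix, chain(secret)) == chain(secret + suffix)
    # With it: the same continuation starts from H_m+1, not from H_m.
    guess = finalize(chain(suffix, hash_with_length(secret)), nbits)
    final = guess == hash_with_length(secret + suffix)
    return plain, final

if __name__ == "__main__":
    print(demo())
```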