by nchelluri 3616 days ago
thanks for this. If I may sum up and you could verify this:

When I encrypt something and give it to you, I should take a signature (hash of the encrypted msg) and append it to the encrypted message. Then if you twiddle bits before asking me to decrypt it, I'll see that your provided signature is incorrect.

I know there's more in it, and I've briefly read through the article you provided, which I may look at in more detail later, but I think that's the gist of it.


Exactly! In fact, that's embarrassingly concise given my rambling. The only major thing missed is that the hash input has to contain something that the attacker doesn't know in addition to the message. Or in other words, the private key is usually also involved in the hashing. If you ever want to get into details, the MAC [1] and HMAC [2] wiki pages go into depth.

[1] https://en.wikipedia.org/wiki/Message_authentication_code
[2] https://en.wikipedia.org/wiki/Hash-based_message_authenticat...
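Added example, not part of either comment: the unkeyed hash tag from the first comment next to the keyed HMAC tag from the reply, showing why the receiver only detects twiddled bits when a secret goes into the tag. The function names, the sample key and the sample ciphertext are constructed for illustration, and the ciphertext is treated as opaque bytes from some cipher not shown here.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to the ciphertext

def seal_hash(ct: bytes) -> bytes:
    # Unkeyed scheme from the first comment: ciphertext || SHA-256(ciphertext)
    return ct + hashlib.sha256(ct).digest()

def open_hash(blob: bytes) -> Optional[bytes]:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return ct if hmac.compare_digest(tag, hashlib.sha256(ct).digest()) else None

def seal_hmac(mac_key: bytes, ct: bytes) -> bytes:
    # Keyed scheme from the reply: ciphertext || HMAC-SHA256(mac_key, ciphertext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_hmac(mac_key: bytes, blob: bytes) -> Optional[bytes]:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    # Constant-time comparison; reject before any decryption is attempted
    return ct if hmac.compare_digest(tag, expected) else None

def twiddle_and_rehash(blob: bytes) -> bytes:
    # What a party holding no key can do: flip one bit, then recompute
    # the public SHA-256 over the modified ciphertext.
    ct = blob[:-TAG_LEN]
    ct = bytes([ct[0] ^ 0x01]) + ct[1:]
    return ct + hashlib.sha256(ct).digest()

def demo() -> dict:
    mac_key = bytes(range(32))                      # constructed sample key
    ct = bytes.fromhex("8f3a1c5e9b7d2046a1b2c3d4")  # constructed sample ciphertext
    return {
        "hash_accepts_tampered": open_hash(twiddle_and_rehash(seal_hash(ct))) is not None,
        "hmac_accepts_tampered": open_hmac(mac_key, twiddle_and_rehash(seal_hmac(mac_key, ct))) is not None,
        "hmac_accepts_genuine": open_hmac(mac_key, seal_hmac(mac_key, ct)) == ct,
    }

if __name__ == "__main__":
    print(demo())
```

The unkeyed tag verifies after tampering because anyone can recompute it; the HMAC tag does not, because recomputing it requires the key.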

thanks for the followup :) and especially for the clarification about private keys (and MAC, HMAC) for the signature.