Hacker News new | ask | show | jobs
by chug 3616 days ago
Exactly! In fact, that's embarrassingly concise given my rambling. The only major thing missed is that the hash input has to contain something that the attack doesn't know in addition to the message. Or in other words, the private key is usually also involved in the hashing. If you ever want to get into details, the MAC [1] and HMAC [2] wiki pages go into depth.

[1] https://en.wikipedia.org/wiki/Message_authentication_code [2] https://en.wikipedia.org/wiki/Hash-based_message_authenticat...
1 comments
nchelluri 3616 days ago
thanks for the followup :) and especially for the clarification about private keys (and MAC, HMAC) for the signature.
link