|
|
|
|
|
|
by deckar01
4021 days ago
|
|
|
Assume for a moment that no hashing is performed. I compute C = B || D. I reveal C. I later choose new data D'. I compute C = B' || D'. I reveal B' and D'. Since both B and D were secret, B' and D' are accepted. Secretly masking data lends to malleability. (EDIT: Not a mask) EDIT: As CJefferson points out the operation is not a mask, but concatenation of a fixed length random value which invalidates this example. Exploiting this secrecy would require a weakness in SHA256 that allows input prefixes to produce colliding hash states (hard). |
|
|