Suppose Bob produced document m and h(m) using a hash function h which is known publicly.

 

(a) Bob sends {m, h(m)} to Alice over the Internet. Can Alice verify that m has not been tampered with (say during its transit over the Internet)? Explain.

 

 

My answer: I assume Alice can verify that m has not been tampered with, since h(m) should still compute correctly regardless of whether a replay attack has occurred or not. SO yes Alice can check message tampering.

 

 

Can anyone let me know if this is correct?

You're correct that it doesn't protect against replay attacks. But can an attacker manipulate the message without a replay attack, and still produce a valid hash? Think about that for a bit.

hmm...I would assume that it cant unless its some sort of clever hack where the message is corrupted via bits that cancel each other? I think that should then have no effect on the hashed value. Is that correct?

If the hash function is known publicly, can't the malicious interceptor just hash the altered message? I could easily intercept {m, h(m)} and replace it with {n, h(n)}, where n is my evil replacement message.

Ohh yes. Off-course!. Alice would have no way of knowing the message is tampered with as she would believe message=n.

 

But what i said about 2 bits cancelling does that make sense too?

It's possible, but the point of cryptographic hash functions is that it is very, very difficult to generate a message that produces a given hash. That's called a preimage attack, and it basically requires brute-forcing it: try a bunch of messages until you get one which has the right hash. It takes a very, very long time.

Fair enough. Thank you!!

 

Now if u can help me with the second part as well..i will be great full.

 

(a) Bob gives {m, h(m)}to Alice directly (face to face), can Alice be sure that there was no tampering by a third party?

 

 

Ans: Similar to the first part, i would think that even if Bob gave Alice the message face to face.....she would have no way of knowing what the original message was so cannot know if the message was tampered with by a third party. She would have to accept the message that she receives as the original message.

Yes. Of course, if she trusts Bob, and Bob says it's the correct message...