0 upvotes, 1 direct replies (showing 1)
https://datatracker.ietf.org/doc/html/rfc2289
You have to salt the hash... so that the MITM can't fake things.
I'm still very surprised there are C coders that never used Java and cryptography experts that never used 2289!
Comment by shavetheyaks at 17/01/2025 at 00:31 UTC
1 upvotes, 1 direct replies
That salt would need to be pre-shared in secret, the same as an encryption key. And cryptographically secure hashes are wasteful *by design* to make brute-force attacks harder. So if you're hashing the whole message with a secure hash, you're probably doing even more work than you would have if you were encrypting it.