[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Orthogonal Checksums?

Bob is storing a file for Alice.
Once in a while Alice wants to check that Bob still has it.

The first time, she can ask him to take the MD5 of the file.  
What about the second time?  (A single MD5 he could just store).

I've looked it up in Schneier.  There doesn't seem to be
anything about this exact situation; will the following work?

Alice makes a 128-bit random string and asks Bob to take the 
MD5 of the file with her random string prepended.  This is
impossible for Bob to compute without the file.  Right?

Alice, however, can precompute as many of these as she wants
(as long as she keeps them secret) so she doesn't have to
actually keep the file.

ps.  MD5 of a file with a random string appended to the *end*
     *can* be computed after having discarded the file.

- - - - - - - - - - - - - - -
To auditors without the code, calls seem
indistinguishable from noise.  --George Gilder
Version: 2.3a