Hal Finney writes:
> The plaintext would be followed by a SHA-1 hash of the plaintext data.
I have an unconditionally secure MAC that's much faster than SHA-1---in
fact, even faster than MD5. The alpha implementation is available from
http://pobox.com/~djb/hash127.html
Please send any comments or questions to the hash127 mailing list. To
subscribe, send an empty message to
hash127-subscribe@list.cr.yp.to.
> many people don't like to sign their messages for legal reasons,
Why? Because signatures can't be repudiated?
One easy solution, under the original Diffie-Hellman system, is to use a
MAC as above, where the MAC key is generated from the Diffie-Hellman
shared secret. The receiver can generate new MACs under the same key, so
he can't prove to a judge that a message came from you.
(There are similar solutions using RSA, but Diffie-Hellman is faster.)
---Dan
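
The Diffie-Hellman-keyed MAC described in the message above, as an added example that is not part of the original post: both sides derive the same MAC key, so the receiver can verify a tag and can equally forge one. Assumptions: HMAC-SHA256 stands in for the MAC (hash127 is not used), the group is toy-sized, and all function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy-sized demo group (assumption): p = 2**127 - 1 is prime, but far too
# small for real use; deploy a standard 2048-bit+ group or X25519 instead.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def mac_key(my_private, their_public):
    """Derive the MAC key from the Diffie-Hellman shared secret."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(key, message):
    # HMAC-SHA256 stands in for the MAC; the post's hash127 is not used here.
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, t):
    return hmac.compare_digest(tag(key, message), t)

def demo():
    a_priv, a_pub = keypair()   # sender
    b_priv, b_pub = keypair()   # receiver
    k_sender = mac_key(a_priv, b_pub)
    k_receiver = mac_key(b_priv, a_pub)

    msg = b"constructed sample message"
    t = tag(k_sender, msg)
    authentic = verify(k_receiver, msg, t)   # receiver is convinced

    # The receiver holds the same key, so he can produce a valid tag on
    # text the sender never wrote. A tag therefore proves nothing to a judge.
    forged_msg = b"text the sender never wrote"
    forged_tag = tag(k_receiver, forged_msg)
    forgery_verifies = verify(k_sender, forged_msg, forged_tag)

    # An outsider with his own key pair derives a different key and fails.
    e_priv, _ = keypair()
    outsider_ok = verify(mac_key(e_priv, a_pub), msg, t)
    return k_sender == k_receiver, authentic, forgery_verifies, outsider_ok

if __name__ == "__main__":
    print(demo())
```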