I stumbled upon this on stackexchange: https://security.stackexchange.com/a/2212
Basically they’re mentioning that ‘built||insecurely’ and ‘builtin||securely’ will generate the same hash, so that one must employ some kind of mitigating factor like H(H(builtin)||H(securely)) to avoid the ambiguity of each formation generating the same hash.
I’m a little confused by exactly what contexts this is important in, and what instances of strings being concatenated are ambiguous and vulnerable to this. Specifically, if using encrypt-then-MAC on a cipher-text message, it’s said that one should generate the MAC with the IV and the cipher-text both, so something like H(IV||C).
Does the ambiguity vulnerability still apply in the context of H(IV||C)? I’m having a little trouble wrapping my head around what could go wrong and what could be attacked in this context.
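As an added illustration (not part of the question or the linked answer), the following Python shows the concatenation ambiguity with two variable-length fields, a length-prefixed encoding that removes it, and why a fixed-width IV in H(IV||C) can always be parsed back unambiguously. IV_LEN = 16, SHA-256 as H and the sample strings are all constructed assumptions.

```python
import hashlib
import struct

IV_LEN = 16  # constructed assumption: a 128-bit block-cipher IV


def digest(data: bytes) -> str:
    """H() for this example: SHA-256, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def naive_concat(*parts: bytes) -> bytes:
    """Plain a||b: the boundary between fields is lost, so different
    (a, b) pairs can map to the same byte string and the same hash."""
    return b"".join(parts)


def length_prefixed(*parts: bytes) -> bytes:
    """Each field preceded by its 4-byte big-endian length. The encoding is
    injective: one byte string decodes to exactly one list of fields."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def collides_naive(a1: bytes, b1: bytes, a2: bytes, b2: bytes) -> bool:
    """True when H(a1||b1) == H(a2||b2) under plain concatenation."""
    return digest(naive_concat(a1, b1)) == digest(naive_concat(a2, b2))


def collides_prefixed(a1: bytes, b1: bytes, a2: bytes, b2: bytes) -> bool:
    """True when the length-prefixed encodings hash to the same value."""
    return digest(length_prefixed(a1, b1)) == digest(length_prefixed(a2, b2))


def split_fixed_iv(msg: bytes) -> tuple:
    """Parse the input of H(IV||C) when IV has a fixed width: the split point
    is known in advance, so there is only one (IV, C) reading of msg."""
    if len(msg) < IV_LEN:
        raise ValueError("message shorter than IV")
    return msg[:IV_LEN], msg[IV_LEN:]


def fixed_iv_roundtrip(iv: bytes, c: bytes) -> bool:
    """Plain IV||C recovers the original fields exactly when len(iv) == IV_LEN."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be exactly IV_LEN bytes")
    return split_fixed_iv(naive_concat(iv, c)) == (iv, c)
```

The ambiguity only bites when the receiver cannot tell where one field ends and the next begins; a fixed-width IV fixes the boundary, while two variable-length fields need an explicit length or a nested hash.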