From owner-freebsd-security Mon May 3 3:35:23 1999
Delivered-To: freebsd-security@freebsd.org
Received: from beatrice.rutgers.edu (beatrice.rutgers.edu [165.230.209.226]) by hub.freebsd.org (Postfix) with ESMTP id 6533B15435 for ; Mon, 3 May 1999 03:35:20 -0700 (PDT) (envelope-from easmith@beatrice.rutgers.edu)
Received: (from easmith@localhost) by beatrice.rutgers.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) id GAA01126; Mon, 3 May 1999 06:18:11 -0400 (EDT)
From: "Allen Smith"
Message-Id: <9905030618.ZM1124@beatrice.rutgers.edu>
Date: Mon, 3 May 1999 06:18:11 -0400
In-Reply-To: Pierre Beyssac "Re: Blowfish/Twofish" (May 3, 5:05am)
References: <9905030205.ZM6442@beatrice.rutgers.edu> <19990503112154.A20922@enst.fr>
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
To: Pierre Beyssac , Robert Watson , 0x1c
Subject: Re: Blowfish/Twofish
Cc: freebsd-security@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On May 3, 5:05am, Pierre Beyssac (possibly) wrote:
> On Mon, May 03, 1999 at 02:05:30AM -0400, Allen Smith wrote:
> > One can use any cryptographically secure one-way hash function as a
> > (secret key) encryption method. The procedure is as follows:
> >
> > Sender and recipient have shared secret key K. They want to transmit
> > information I. Sender takes three-bit chunks (the most efficient size)
> > of information I, finds a random salt S of sufficient size for each
>
> There's a simpler way that doesn't require you to compute several
> hashes for the same data: simply use your hash function as a
> pseudo-random generator using the key as a seed, then XOR the
> resulting stream with your data.
>
> However, it seems using this scheme is not recommended by experts
> in the field, on the assumption that hash functions are not designed
> to withstand the same kind of attacks as cipher functions.

True... because what makes a cryptographically secure hash is:

A. you can't figure out the input from the output; and
B. the output is evenly distributed over the input space (it isn't all clumped up).

Neither of these means that you can't figure out the output if you know the input, or some portion of it (i.e., the previous output of the hash function).

-Allen

-- 
Allen Smith easmith@beatrice.rutgers.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
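The failure Allen describes (knowing the previous hash output lets you compute the next one) can be shown concretely. The following is an added example, not code from anyone in this thread: it builds Pierre's "hash as PRNG, XOR with the data" keystream two ways. The first chains the hash on its own previous output, so a single known plaintext block hands an attacker every later keystream block with no knowledge of K. The second mixes the key into every block as H(K || counter), which the same attack does not break. SHA-256, the key `b"shared secret K"`, the fixed 32-byte header block and the message body are all constructed for this example; neither construction is a recommendation, the point is only to separate the two hash properties Allen lists from keystream unpredictability.

```python
import hashlib

BLOCK = hashlib.sha256().digest_size  # 32-byte keystream blocks (assumption: SHA-256 as "the hash")


def chained_keystream(key: bytes, nblocks: int) -> bytes:
    """Block 0 = H(key), block i = H(block i-1).
    Only the first block depends on the key; every later block is a
    function of the previous *output* alone."""
    out = b""
    state = key
    for _ in range(nblocks):
        state = hashlib.sha256(state).digest()
        out += state
    return out


def keyed_counter_keystream(key: bytes, nblocks: int) -> bytes:
    """Block i = H(key || i). A known block gives no way to compute the
    next one without the key (still a toy; use a real stream cipher)."""
    return b"".join(
        hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(nblocks)
    )


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # zip() truncates to the shorter input, which handles a partial last block.
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(keystream_fn, key: bytes, data: bytes) -> bytes:
    """XOR data with enough keystream blocks to cover it. Decryption is
    the same call, since XOR is its own inverse."""
    nblocks = -(-len(data) // BLOCK)  # ceil division
    return xor_bytes(data, keystream_fn(key, nblocks))


def known_plaintext_attack(ciphertext: bytes, block_index: int, known_block: bytes) -> bytes:
    """Attacker knows one full plaintext block (e.g. a fixed header) and
    assumes the chained construction. Recovers the keystream block at
    that position by XOR, then derives every later keystream block by
    hashing, and returns the decrypted remainder. No key involved."""
    if len(known_block) != BLOCK:
        raise ValueError("need one full plaintext block")
    start = block_index * BLOCK
    state = xor_bytes(ciphertext[start:start + BLOCK], known_block)  # = keystream block
    recovered = b""
    pos = start + BLOCK
    while pos < len(ciphertext):
        state = hashlib.sha256(state).digest()  # next block follows from previous output
        recovered += xor_bytes(ciphertext[pos:pos + BLOCK], state)
        pos += BLOCK
    return recovered


# Constructed sample input: a predictable 32-byte header followed by a secret body.
HEADER = b"Subject: Re: Blowfish/Twofish\n".ljust(BLOCK, b" ")
BODY = b"secret body text that follows the known header"
KEY = b"shared secret K"


def demo():
    """Returns (attack result against chained scheme, against keyed-counter scheme)."""
    msg = HEADER + BODY
    ct_chained = encrypt(chained_keystream, KEY, msg)
    ct_counter = encrypt(keyed_counter_keystream, KEY, msg)
    return (known_plaintext_attack(ct_chained, 0, HEADER),
            known_plaintext_attack(ct_counter, 0, HEADER))


if __name__ == "__main__":
    chained_result, counter_result = demo()
    print("chained scheme, attacker recovers:", chained_result)
    print("keyed-counter scheme, attacker gets:", counter_result)
```

Running it shows the chained keystream gives up the whole body after the header, while the keyed-counter variant yields noise: preimage resistance and uniform output (Allen's A and B) say nothing about whether the next output is computable from the last, which is the property a keystream actually needs.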