Comments on: Why security is in such a sad state?

By: kurt wismer

kurt wismer — Sun, 08 Jun 2008 06:56:18 +0000

hmmm… i didn’t try googling them to see how easy it would be to find them… ok then, i might as well tell my source… applied cryptography, chapter 14 (“Still Other Block Ciphers”), section 11 (“Using One-Way Hash Functions”)… i read it (well, most of it, though my attention began to wane near the end) back when i was in my 3rd year at university…

you’re right, of course, that hash functions can’t be used as encryption algorithms, but that doesn’t mean they can’t be used to encrypt… one simply has to come up with a construction where their one-way-ness isn’t a problem (such as in a CFB or OFB cipher)…

By: Cd-MaN

Cd-MaN — Sat, 07 Jun 2008 18:20:13 +0000

thank for the interesting comments (as always). however I couldn’t find really much info about the algorithms / methods you are referencing.

For luby-rackoff I found a wikipedia entry (http://en.wikipedia.org/wiki/Feistel_cipher), however it directly references cyphers, not hashes.

Also, cryptographic hashes (should) have the property of “given h it should be hard to find any m such that h = hash(m)”, which pretty much rules them out as an encryption algorithm… (since you can’t go the other way around). Also, because they are fixed length, they act as an information reducer (or “lossy compressor”).

Finally I found a text regarding MDC (http://web.textfiles.com/software/sfs7.txt), however there hash functions are used to generate the key, not really to encrypt anything.

By: kurt wismer

kurt wismer — Sat, 07 Jun 2008 18:06:14 +0000

crypto-trivia: it is possible to encrypt with hash functions… see karn, luby-rackoff, or message digest cipher…

such constructions were probably not what those people had in mind, however…