[13189] in cryptography@c2.net mail archive


Re: The Pure Crypto Project's Hash Function

daemon@ATHENA.MIT.EDU (Pete Chown)
Sun May 4 10:14:05 2003

X-Original-To: cryptography@metzdowd.com
Date: Sun, 04 May 2003 15:07:46 +0100
From: Pete Chown <Pete.Chown@skygate.co.uk>
To: cryptography@metzdowd.com
In-Reply-To: <20030503141808.A29999@slack.lne.com>

Eric Murray wrote:

> SHA1 as a primitive can be used for other things like making a
> symmetric encryption algorithm.  There have even been some research
> papers published on the strength of SHA-MDC.

The other option is to use Rijndael for encryption; you can then reuse
the code in a Davies-Meyer hash function.  The nice thing about Rijndael
is that it supports 256-bit blocks, so you get a 256-bit version of
Davies-Meyer.  If you are doing 128-bit encryption, you may well want
256-bit hash functions to avoid problems with the birthday "paradox".

The other option is to use a hash construction like MDC-2 with a smaller
block size, but I believe this is patented.

I wonder if there is an alternative way of verifying something like a 
SHA-1 implementation.  First of all, you try to make sure that there are 
no memory problems such as buffer overruns.  You then treat the 
algorithm as a black box and try a few test vectors.  If it gets the 
test vectors right, and it looks roughly like SHA-1, it's probably 
correct.  It would be difficult to come up with an algorithm that is the 
same as SHA-1 for nearly all inputs, has code which looks identical to 
SHA-1 on a casual inspection, and can be made to leak something 
worthwhile if you know about the bug.

-- 
Pete

