[13189] in cryptography@c2.net mail archive
Re: The Pure Crypto Project's Hash Function
daemon@ATHENA.MIT.EDU (Pete Chown)
Sun May 4 10:14:05 2003
X-Original-To: cryptography@metzdowd.com
Date: Sun, 04 May 2003 15:07:46 +0100
From: Pete Chown <Pete.Chown@skygate.co.uk>
To: cryptography@metzdowd.com
In-Reply-To: <20030503141808.A29999@slack.lne.com>
Eric Murray wrote:
> SHA1 as a primitive can be used for other things like making a
> symmetric encryption algorithm. There have even been some research
> papers published on the strength of SHA-MDC.
The other option is to use Rijndael for encryption; you can then reuse
the code in a Davies-Meyer hash function. The nice thing about Rijndael
is that it supports 256-bit blocks, so you get a 256-bit version of
Davies-Meyer. If you are doing 128-bit encryption, you may well want
256-bit hash functions to avoid problems with the birthday "paradox".
The other option is to use a hash construction like MDC-2 with a smaller
block size, but I believe this is patented.
I wonder if there is an alternative way of verifying something like a
SHA-1 implementation. First of all, you try to make sure that there are
no memory problems such as buffer overruns. You then treat the
algorithm as a black box and try a few test vectors. If it gets the
test vectors right, and it looks roughly like SHA-1, it's probably
correct. It would be difficult to come up with an algorithm that is the
same as SHA-1 for nearly all inputs, has code which looks identical to
SHA-1 on a casual inspection, and can be made to leak something
worthwhile if you know about the bug.
--
Pete
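The Davies-Meyer construction Pete mentions, as an added example that is not part of the original post: each message block is used as the cipher key to encrypt the running chaining value, and the result is XORed back into that chaining value, H_i = E_{M_i}(H_{i-1}) XOR H_{i-1}, with Merkle-Damgard strengthening (a 0x80 byte, zero padding, and the 64-bit message length) applied first. Go's standard library only ships the 128-bit-block Rijndael (AES), so this yields a 128-bit digest, which is exactly the birthday-bound problem the post raises; the 256-bit version needs a Rijndael implementation that supports 256-bit blocks, which is an assumption outside this code. The fixed IV and the 32-byte message block size (chosen so the block doubles as an AES-256 key) are constructed choices for the example, not values from the post.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

const (
	dmChainBytes = aes.BlockSize // 16 bytes: chaining value is one AES block
	dmMsgBytes   = 32            // 32 bytes: message block doubles as an AES-256 key
)

// dmIV is a constructed fixed starting value for the example (any public
// constant would do; in a real design it would be a published, fixed IV).
var dmIV = [dmChainBytes]byte{
	0x44, 0x4d, 0x2d, 0x41, 0x45, 0x53, 0x2d, 0x49,
	0x56, 0x2d, 0x30, 0x30, 0x30, 0x30, 0x30, 0x31,
}

// dmCompress is one Davies-Meyer step: H = E_M(Hprev) XOR Hprev, where the
// message block M is the cipher key and the previous chaining value is the plaintext.
func dmCompress(hPrev [dmChainBytes]byte, msgBlock []byte) [dmChainBytes]byte {
	c, err := aes.NewCipher(msgBlock) // 32-byte key selects AES-256
	if err != nil {
		panic(err) // only possible if the block is not 32 bytes
	}
	var out [dmChainBytes]byte
	c.Encrypt(out[:], hPrev[:])
	for i := range out {
		out[i] ^= hPrev[i] // feed-forward makes the step non-invertible
	}
	return out
}

// dmPad applies Merkle-Damgard strengthening: append 0x80, zero-fill, then the
// message length in bits as a 64-bit big-endian integer, ending on a 32-byte boundary.
func dmPad(msg []byte) []byte {
	bitLen := uint64(len(msg)) * 8
	padded := append([]byte{}, msg...)
	padded = append(padded, 0x80)
	for len(padded)%dmMsgBytes != dmMsgBytes-8 {
		padded = append(padded, 0)
	}
	var lenBytes [8]byte
	binary.BigEndian.PutUint64(lenBytes[:], bitLen)
	return append(padded, lenBytes[:]...)
}

// DaviesMeyerAES hashes msg by chaining dmCompress over the padded message.
func DaviesMeyerAES(msg []byte) [dmChainBytes]byte {
	h := dmIV
	padded := dmPad(msg)
	for off := 0; off < len(padded); off += dmMsgBytes {
		h = dmCompress(h, padded[off:off+dmMsgBytes])
	}
	return h
}

func main() {
	for _, s := range []string{"", "abc", "abd"} {
		fmt.Printf("%-4q -> %x\n", s, DaviesMeyerAES([]byte(s)))
	}
}
```

The single-block case can be cross-checked directly against crypto/aes: for a message that pads to one block, the digest must equal AES-256 of the IV under that block, XOR the IV, which is what the test below verifies.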
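The black-box check Pete describes for a SHA-1 implementation, as an added example (not code from the post): a from-scratch SHA-1 is treated as an opaque function, run against the FIPS 180-1 test vectors, and then compared against Go's crypto/sha1 on seeded random inputs of varied length. Fixed vectors catch ordinary bugs; the differential run raises confidence that the implementation agrees with the reference "for nearly all inputs", though neither can rule out an implementation that misbehaves only on a specific trigger input, which is the residual risk the post points at. The function names and the inputs are constructed for this example.

```go
package main

import (
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
	"math/rand"
)

// sha1Scratch is an independent SHA-1 (FIPS 180-1) used here as the implementation under test.
func sha1Scratch(msg []byte) [20]byte {
	h := [5]uint32{0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0}
	// Padding: 0x80, zeros to 56 mod 64, then the 64-bit big-endian bit length.
	padded := append([]byte{}, msg...)
	padded = append(padded, 0x80)
	for len(padded)%64 != 56 {
		padded = append(padded, 0)
	}
	var lenBytes [8]byte
	binary.BigEndian.PutUint64(lenBytes[:], uint64(len(msg))*8)
	padded = append(padded, lenBytes[:]...)

	var w [80]uint32
	for off := 0; off < len(padded); off += 64 {
		for i := 0; i < 16; i++ {
			w[i] = binary.BigEndian.Uint32(padded[off+4*i:])
		}
		for i := 16; i < 80; i++ { // message schedule expansion
			w[i] = bits.RotateLeft32(w[i-3]^w[i-8]^w[i-14]^w[i-16], 1)
		}
		a, b, c, d, e := h[0], h[1], h[2], h[3], h[4]
		for i := 0; i < 80; i++ {
			var f, k uint32
			switch {
			case i < 20:
				f, k = (b&c)|(^b&d), 0x5A827999
			case i < 40:
				f, k = b^c^d, 0x6ED9EBA1
			case i < 60:
				f, k = (b&c)|(b&d)|(c&d), 0x8F1BBCDC
			default:
				f, k = b^c^d, 0xCA62C1D6
			}
			tmp := bits.RotateLeft32(a, 5) + f + e + k + w[i]
			e, d, c, b, a = d, c, bits.RotateLeft32(b, 30), a, tmp
		}
		h[0], h[1], h[2], h[3], h[4] = h[0]+a, h[1]+b, h[2]+c, h[3]+d, h[4]+e
	}
	var out [20]byte
	for i, v := range h {
		binary.BigEndian.PutUint32(out[4*i:], v)
	}
	return out
}

// sha1Vectors are the published FIPS 180-1 test vectors plus the empty message.
var sha1Vectors = []struct{ in, want string }{
	{"", "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
	{"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"},
	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1"},
}

// CheckSHA1Vectors runs a black-box implementation against the fixed vectors.
func CheckSHA1Vectors(impl func([]byte) [20]byte) error {
	for _, v := range sha1Vectors {
		got := impl([]byte(v.in))
		if hex.EncodeToString(got[:]) != v.want {
			return fmt.Errorf("vector %q: got %x, want %s", v.in, got, v.want)
		}
	}
	return nil
}

// DifferentialCheck compares impl with crypto/sha1 on n seeded random messages
// (length 0..299) and returns the number of disagreements found.
func DifferentialCheck(impl func([]byte) [20]byte, n int, seed int64) int {
	r := rand.New(rand.NewSource(seed))
	mismatches := 0
	for i := 0; i < n; i++ {
		msg := make([]byte, r.Intn(300))
		for j := range msg {
			msg[j] = byte(r.Intn(256))
		}
		if impl(msg) != sha1.Sum(msg) {
			mismatches++
		}
	}
	return mismatches
}

func main() {
	fmt.Println("vectors:", CheckSHA1Vectors(sha1Scratch))
	fmt.Println("differential mismatches:", DifferentialCheck(sha1Scratch, 1000, 1))
}
```

A useful sanity check on the checker itself is to feed it a deliberately wrong implementation (one that flips a digest bit) and confirm the vectors reject it; the test below does that alongside the positive cases.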
---------------------------------------------------------------------
The Cryptography Mailing List