[11245] in cryptography@c2.net mail archive
Re: building a true RNG
daemon@ATHENA.MIT.EDU (David Wagner)
Mon Jul 29 19:52:17 2002
From: David Wagner <daw@cs.berkeley.edu>
To: lloyd@acm.jhu.edu (Jack Lloyd)
Date: Mon, 29 Jul 2002 13:26:55 -0700 (PDT)
Cc: daw@cs.berkeley.edu (David Wagner),
cryptography@wasabisystems.com
In-Reply-To: <Pine.LNX.4.33L2.0207291618140.18203-100000@sol.galaxy.acm.jhu.edu> from "Jack Lloyd" at Jul 29, 2002 04:24:36 PM
> Somewhat related to that, are there any block cipher->hash function methods
> that are actually secure? Every one I've ever read about seems to have been
> broken.
One standard method is to use Davies-Meyer mode with a block cipher that
has a very strong key schedule and has a sufficiently large block size
(at least 128 bits). I'm not sure I'd recommend doing this with AES,
as I'm not sure how well studied AES's key schedule is. Personally,
if I had a choice, I'd prefer hash functions like SHA1, but if that's
not an option, Davies-Meyer might be a reasonable alternative.
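Added illustration of the construction Wagner describes (not part of this thread, and not code by either poster): a Davies-Meyer compression function h' = E_m(h) XOR h, where each 128-bit message block is used as the block cipher key and the chaining value as the plaintext, iterated over Merkle-Damgard-padded input. AES-128 is used here only because it is in Go's standard library (crypto/aes) and has the 128-bit block size the reply calls for; that choice does not address the reservation about AES's key schedule voiced above. The all-zero IV, the function names, and the padding layout are constructed choices for this example. The last function shows the well-known fixed-point property of Davies-Meyer (h = D_m(0) satisfies E_m(h) XOR h = h), which is one reason a fixed IV and length-encoding padding are needed around the compression function rather than using it bare.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// blockSize is both the AES block size and the AES-128 key size (128 bits).
const blockSize = 16

// daviesMeyer is one compression step: h' = E_m(h) XOR h.
// The message block m is the cipher key; the chaining value h is the plaintext.
func daviesMeyer(h, m [blockSize]byte) [blockSize]byte {
	c, err := aes.NewCipher(m[:])
	if err != nil {
		panic(err) // cannot happen: m is always exactly 16 bytes
	}
	var out [blockSize]byte
	c.Encrypt(out[:], h[:])
	for i := range out {
		out[i] ^= h[i] // feed-forward of the chaining value
	}
	return out
}

// pad applies Merkle-Damgard strengthening (constructed layout for this example):
// append 0x80, then zero bytes, then the 64-bit big-endian bit length, so the
// result is a whole number of 16-byte blocks.
func pad(msg []byte) []byte {
	bitLen := uint64(len(msg)) * 8
	out := append([]byte{}, msg...)
	out = append(out, 0x80)
	for len(out)%blockSize != blockSize-8 {
		out = append(out, 0)
	}
	var lenBytes [8]byte
	binary.BigEndian.PutUint64(lenBytes[:], bitLen)
	return append(out, lenBytes[:]...)
}

// DMHash iterates the compression function over the padded message,
// starting from a fixed IV (all zero here; a constructed choice).
func DMHash(msg []byte) [blockSize]byte {
	var h [blockSize]byte
	padded := pad(msg)
	for i := 0; i < len(padded); i += blockSize {
		var m [blockSize]byte
		copy(m[:], padded[i:i+blockSize])
		h = daviesMeyer(h, m)
	}
	return h
}

// fixedPoint returns h = D_m(0): then E_m(h) = 0, so daviesMeyer(h, m) == h.
// Any block cipher gives such a point for every m; this is a structural
// property of the Davies-Meyer feed-forward, not of AES in particular.
func fixedPoint(m [blockSize]byte) [blockSize]byte {
	c, err := aes.NewCipher(m[:])
	if err != nil {
		panic(err)
	}
	var zero, h [blockSize]byte
	c.Decrypt(h[:], zero[:])
	return h
}

func main() {
	for _, s := range []string{"", "abc", "The quick brown fox jumps over the lazy dog"} {
		fmt.Printf("%-46q %x\n", s, DMHash([]byte(s)))
	}
	var m [blockSize]byte
	copy(m[:], "sixteen byte key")
	fp := fixedPoint(m)
	fmt.Printf("fixed point holds: %v\n", daviesMeyer(fp, m) == fp)
}
```

The padding is what binds the message length into the hash: without it, "abc" and "abc" followed by zero bytes would fall into the same final block and collide.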
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com