[11272] in cryptography@c2.net mail archive
Re: building a true RNG
daemon@ATHENA.MIT.EDU (Paul Crowley)
Thu Aug 1 21:47:42 2002
To: David Wagner <daw@cs.berkeley.edu>
Cc: jsd@monmouth.com (John S. Denker),
daw@mozart.cs.berkeley.edu (David Wagner),
cryptography@wasabisystems.com, barney@tp.databus.com (Barney Wolff)
From: Paul Crowley <paul@ciphergoth.org>
Date: 02 Aug 2002 01:13:05 +0100
In-Reply-To: David Wagner's message of "Mon, 29 Jul 2002 10:45:39 -0700 (PDT)"

David Wagner <daw@cs.berkeley.edu> writes:
> I don't know of any good cryptographic hash function that comes with
> a proof that all outputs are possible. However, it might not be too
> hard to come up with plausible examples. For example, if we apply the
> Luby-Rackoff construction (i.e., 3 rounds of a Feistel cipher), with
> ideal hash functions in each round, does this have the desired properties?
> It might.

This seems to define a block cipher with no key, which is collision-free
but not one-way. Am I misunderstanding what you're proposing?
--
__ Paul Crowley
\/ o\ sig@paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/
---------------------------------------------------------------------
The Cryptography Mailing List
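The two properties named in the reply can be checked directly on a small instance. The following is an added example, not part of the original message or of either author's code: it builds a 3-round Feistel network whose round functions are public and unkeyed, verifies by exhaustive enumeration that the map is a bijection (so every output is reachable and no two inputs collide), and shows that anyone can invert it. Assumptions: a 16-bit block so the whole domain can be enumerated, truncated SHA-256 standing in for the "ideal hash functions", and hypothetical function names.

```python
import hashlib

HALF_BITS = 8                       # assumption: 16-bit block, small enough to enumerate
MASK = (1 << HALF_BITS) - 1
DOMAIN = range(1 << (2 * HALF_BITS))


def round_fn(round_no: int, half: int) -> int:
    """Public, unkeyed round function: truncated SHA-256 as a stand-in for an ideal hash."""
    return hashlib.sha256(bytes([round_no, half])).digest()[0] & MASK


def feistel3(block: int) -> int:
    """Three Feistel rounds: (L, R) -> (R, L xor F_i(R))."""
    left, right = block >> HALF_BITS, block & MASK
    for i in range(3):
        left, right = right, left ^ round_fn(i, right)
    return (left << HALF_BITS) | right


def feistel3_inverse(block: int) -> int:
    """Undo the rounds in reverse order. Needs no secret, because round_fn is public."""
    left, right = block >> HALF_BITS, block & MASK
    for i in reversed(range(3)):
        left, right = right ^ round_fn(i, left), left
    return (left << HALF_BITS) | right


def is_permutation() -> bool:
    """True if every 16-bit value is hit exactly once (all outputs possible, no collisions)."""
    return len({feistel3(x) for x in DOMAIN}) == len(DOMAIN)


def inverts_everywhere() -> bool:
    """True if the public inverse recovers the input for every output (not one-way)."""
    return all(feistel3_inverse(feistel3(x)) == x for x in DOMAIN)


if __name__ == "__main__":
    print("bijection on 16-bit blocks:", is_permutation())
    print("publicly invertible:       ", inverts_everywhere())
```

The bijection holds for any choice of round functions, since each Feistel round is invertible regardless of what `round_fn` computes; the enumeration only confirms it for this instance.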