[11273] in cryptography@c2.net mail archive
Re: building a true RNG
daemon@ATHENA.MIT.EDU (David Wagner)
Thu Aug 1 21:49:30 2002
From: David Wagner <daw@cs.berkeley.edu>
To: paul@ciphergoth.org (Paul Crowley)
Date: Thu, 1 Aug 2002 17:28:43 -0700 (PDT)
Cc: daw@cs.berkeley.edu (David Wagner),
jsd@monmouth.com (John S. Denker),
daw@mozart.CS.Berkeley.EDU (David Wagner),
cryptography@wasabisystems.com, barney@tp.databus.com (Barney Wolff)
In-Reply-To: <87heiejey6.fsf@saltationism.subnet.hedonism.cluefactory.org.uk> from "Paul Crowley" at Aug 02, 2002 01:13:05 AM
> David Wagner <daw@cs.berkeley.edu> writes:
> > I don't know of any good cryptographic hash function that comes with
> > a proof that all outputs are possible. However, it might not be too
> > hard to come up with plausible examples. For example, if we apply the
> > Luby-Rackoff construction (i.e., 3 rounds of a Feistel cipher), with
> > ideal hash functions in each round, does this have the desired properties?
> > It might.
>
> This seems to define a block cipher with no key, which is collision
> free but not one-way. Am I misunderstanding what you're proposing?
You understood it perfectly. Good point.
I didn't notice that problem. Harrumph.
Thanks for catching my oversight!
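The point Crowley raises can be checked directly. The following is an added example in Python, not code from either poster: a three-round Feistel network with no key, using SHA-256 (truncated to the half-block width, with the round index prepended for domain separation) in place of the "ideal hash function" of each round. Because the map is a permutation of the block space, every output has exactly one preimage, so it is collision-free and every output is reachable (the property the original question was after), but anyone can run the rounds backwards, so it is not one-way. The block sizes, the choice of SHA-256 and the round-index prefix are assumptions made for this illustration.

```python
import hashlib
from itertools import product


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(round_index: int, half: bytes, half_bytes: int) -> bytes:
    # SHA-256 stands in for the "ideal hash function" of each round (an
    # assumption for this example). The round index is prepended so the
    # three rounds are distinct functions.
    return hashlib.sha256(bytes([round_index]) + half).digest()[:half_bytes]


def feistel_forward(block: bytes, rounds: int = 3) -> bytes:
    """Keyless Feistel network: each round maps (L, R) -> (R, L xor F_i(R))."""
    if len(block) % 2:
        raise ValueError("block length must be even")
    half_bytes = len(block) // 2
    left, right = block[:half_bytes], block[half_bytes:]
    for i in range(rounds):
        left, right = right, _xor(left, _round_function(i, right, half_bytes))
    return left + right


def feistel_inverse(block: bytes, rounds: int = 3) -> bytes:
    """Undo feistel_forward by running the rounds backwards.

    Nothing secret is needed: the round functions are public and each
    Feistel round is invertible by construction.
    """
    if len(block) % 2:
        raise ValueError("block length must be even")
    half_bytes = len(block) // 2
    left, right = block[:half_bytes], block[half_bytes:]
    for i in reversed(range(rounds)):
        left, right = _xor(right, _round_function(i, left, half_bytes)), left
    return left + right


def count_distinct_outputs(half_bytes: int = 1) -> int:
    """Enumerate every input of a tiny block (2 * half_bytes bytes) and count
    the distinct outputs. The count equals the domain size exactly when the
    map is a permutation, i.e. when it is collision-free and onto."""
    block_bytes = 2 * half_bytes
    outputs = {feistel_forward(bytes(b)) for b in product(range(256), repeat=block_bytes)}
    return len(outputs)


def find_preimage(target: bytes) -> bytes:
    """Why the construction is not one-way: a preimage of any target block is
    simply its inverse image, computable by anyone because there is no key."""
    return feistel_inverse(target)


if __name__ == "__main__":
    msg = bytes(range(16))  # constructed sample 128-bit block
    ct = feistel_forward(msg)
    print("forward :", ct.hex())
    print("inverts :", feistel_inverse(ct) == msg)
    print("distinct outputs on 16-bit domain:", count_distinct_outputs(1))
    target = bytes.fromhex("00112233445566778899aabbccddeeff")
    print("preimage found:", feistel_forward(find_preimage(target)) == target)
```

The exhaustive check over the 16-bit domain confirms the permutation property only at toy size; the inversion argument is what carries over to any block width, since it relies on nothing but the public round functions.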
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com