[11313] in cryptography@c2.net mail archive


Re: Extracting uniform randomness from noisy source

daemon@ATHENA.MIT.EDU (Klaus Pommerening)
Mon Aug 5 09:34:04 2002

Date: Mon, 05 Aug 2002 09:38:05 +0200
From: Klaus Pommerening <pom@imsd.uni-mainz.de>
To: cryptography@wasabisystems.com

David Wagner wrote:
> Amir Herzberg wrote:
> >
> >pseudo-random = AES_k (noise)
> >
> Don't use this -- it is broken.
> 
Indeed it is. But what about

    pseudo-random = AES_{noise}(k)

[splitting noise into appropriate blocks] - as long as AES is
believed to be secure against a known plaintext attack?

> I believe using SHA1 is superior to your method, and
> I believe "use SHA1" is still the correct advice to give
> to practitioners, ...

SHA1 should be faster anyway.
-- 
Prof. Dr. Klaus Pommerening [http://www.uni-mainz.de/~pommeren/]
Institut fuer Medizinische Biometrie, Epidemiologie und Informatik
Johannes-Gutenberg-Universitaet Mainz

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
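The three constructions discussed in this thread, as an added Go example that is not part of the original messages: Herzberg's AES_k(noise), Pommerening's AES_{noise}(k), and Wagner's "use SHA1". Each is fed a constructed, deliberately weak noise source (2 bits of entropy per 16-byte block) and the example counts how many distinct first output blocks appear over every possible noise buffer; the fixed key, the 2-bit noise model, and the choice to chain the noise-keyed AES blocks (the mail does not say how the blocks are combined) are assumptions made here.

```go
package main

import "crypto/aes"
import "crypto/sha1"

const nBlocks = 8 // 16-byte noise blocks per extraction; all keys/blocks are 16 bytes

// Constructed, deliberately poor noise: each block carries only 2 bits of
// entropy (its last byte is 0..3), so nBlocks blocks hold 16 bits in total.
func noiseBuffer(idx int) []byte {
	buf := make([]byte, 16*nBlocks)
	for i := 0; i < nBlocks; i++ {
		buf[16*i+15] = byte(idx>>(2*i)) & 3
	}
	return buf
}

// Construction 1, the one the thread calls broken: AES_k(noise) block by block.
// Each output block depends on a single noise block, so it carries at most 2 bits.
func aesKOfNoise(k, noise []byte) []byte {
	c, _ := aes.NewCipher(k) // 16-byte key, cannot fail
	out := make([]byte, len(noise))
	for i := 0; i < len(noise); i += 16 {
		c.Encrypt(out[i:i+16], noise[i:i+16])
	}
	return out
}

// Construction 2, the mail's AES_{noise}(k): each noise block keys AES. The mail
// does not say how blocks combine; chaining them (an assumption here) pools entropy.
func aesNoiseOfK(k, noise []byte) []byte {
	x := append([]byte(nil), k...)
	for i := 0; i < len(noise); i += 16 {
		c, _ := aes.NewCipher(noise[i : i+16]) // 16-byte block as key
		c.Encrypt(x, x)
	}
	return x
}

// Construction 3, Wagner's advice: hash the whole noise buffer.
func sha1OfNoise(noise []byte) []byte { h := sha1.Sum(noise); return h[:] }

// countDistinct applies f to all 4^nBlocks noise buffers and counts the distinct
// first output blocks: 65536 means all 16 input bits survived, 4 means one block's.
func countDistinct(f func([]byte) []byte) int {
	seen := map[string]bool{}
	for idx := 0; idx < 1<<(2*nBlocks); idx++ {
		seen[string(f(noiseBuffer(idx))[:16])] = true
	}
	return len(seen)
}
```

With the fixed key the block-by-block AES_k(noise) yields only 4 distinct first blocks, while the chained noise-keyed variant and SHA1 both yield 65536, which is why an extractor must mix all of the noise into each output rather than permute it block by block.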