[146566] in cryptography@c2.net mail archive
Re: [Cryptography] FIPS, NIST and ITAR questions
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Wed Sep 4 13:17:39 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <CAN7nBXfFWChG6DyRpd7to64Fpgn49mvWG-mBWKdZsh6MLO2a4w@mail.gmail.com>
Date: Wed, 4 Sep 2013 11:26:24 -0400
To: Faré <fahree@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>, radix42@gmail.com,
Richard Salz <rich.salz@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sep 4, 2013, at 10:45 AM, Faré <fahree@gmail.com> wrote:
>>> Can't you trivially transform a hash into a PRNG, a PRNG into a
>>> cypher, and vice versa?
>> No.
>>
>
>> Let H(X) = SHA-512(X) || SHA-512(X)
>> where '||' is concatenation.  Assuming SHA-512 is a cryptographically
>> secure hash, H trivially is as well.  (Nothing in the definition of a
>> cryptographic hash function says anything about minimality.)  But H(X) is
>> clearly not useful for producing a PRNG.
>>
> Just because it's trivial to produce bogus crypto doesn't mean it's
> non-trivial to produce good crypto, given a few universal recipes.
Look, if you want to play around and produce things that look secure to you
and a few of your buddies - feel free to go ahead.  If your system is only
used by you and a few friends, it's unlikely anyone with the appropriate
skills will ever care enough to attack your system, and you'll be "secure".
As always, "security" is mainly an *economic* question, not a purely
technical one.
But if you want to play in the crypto game as it's actually played today -
if you want something that will survive even if you use it to protect
information that has significant value to someone willing to make the
investment to get it from you - well, you're going to have to up your game.
You're playing at 1980's levels.  The world has moved on - your opponents
won't feel constrained to do the same.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
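The H(X) = SHA-512(X) || SHA-512(X) construction from Jerry's message, worked through as an added example that is not part of the original thread. It builds H, pushes both SHA-512 and H through a naive counter-mode "hash to PRNG" recipe (a hypothetical construction chosen for illustration, not a standards DRBG), and runs a distinguisher that checks whether the two halves of each 128-byte output block are identical. H passes the usual hash tests (any collision for H is a collision for SHA-512), yet every block of its output stream is half redundant, which is exactly why it is useless as a PRNG building block. Function names, the seed value and the block layout are all choices made here.

```python
"""Added example: a hash can be perfectly good as a hash and still be a bad
PRNG source.  Nothing here is code from the thread; hash_prng_stream is a
hypothetical 'stretch a hash with a counter' recipe used only to make the
point."""
import hashlib
import os


def sha512(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()


def doubled_hash(data: bytes) -> bytes:
    """H(X) = SHA-512(X) || SHA-512(X), the construction from the mail.
    A collision or preimage for H is one for SHA-512, so H inherits SHA-512's
    hash-security properties; it just emits 128 bytes instead of 64."""
    d = sha512(data)
    return d + d


def doubled_hash_collides_iff_sha512_collides(x: bytes, y: bytes) -> bool:
    """Sanity check of the 'trivially as secure' claim: H(x) == H(y) exactly
    when SHA-512(x) == SHA-512(y)."""
    return (doubled_hash(x) == doubled_hash(y)) == (sha512(x) == sha512(y))


def hash_prng_stream(hash_fn, seed: bytes, nbytes: int) -> bytes:
    """Hypothetical hash-to-PRNG recipe: concatenate hash_fn(seed || counter)
    for counter = 0, 1, 2, ... until nbytes of output exist."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hash_fn(seed + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:nbytes])


def repeated_half_fraction(stream: bytes, block_len: int = 128) -> float:
    """Distinguisher: fraction of block_len-byte blocks whose first and second
    halves are byte-for-byte identical.  With H every 128-byte block is
    d || d for a single digest d, so the fraction is 1.0.  With plain SHA-512
    each 128-byte block holds two digests of *different* inputs, so a match
    happens with probability 2**-512 per block, i.e. the fraction is 0.0."""
    half = block_len // 2
    blocks = [stream[i:i + block_len]
              for i in range(0, len(stream) - block_len + 1, block_len)]
    if not blocks:
        raise ValueError("stream shorter than one block")
    hits = sum(1 for b in blocks if b[:half] == b[half:])
    return hits / len(blocks)


def looks_like_doubled_hash(stream: bytes) -> bool:
    """Decision rule: any repeated half-block at all is overwhelming evidence
    the stream did not come from a good PRNG (P ~ 2**-512 per block)."""
    return repeated_half_fraction(stream) > 0.0


if __name__ == "__main__":
    seed = os.urandom(32)            # constructed seed for the demo
    n = 128 * 64                     # 64 blocks of 128 bytes
    for name, fn in (("SHA-512", sha512), ("H = SHA-512||SHA-512", doubled_hash)):
        frac = repeated_half_fraction(hash_prng_stream(fn, seed, n))
        print(f"{name:22s} repeated-half fraction = {frac:.3f}")
    print(f"{'os.urandom':22s} repeated-half fraction = "
          f"{repeated_half_fraction(os.urandom(n)):.3f}")
    print("H collides iff SHA-512 collides:",
          doubled_hash_collides_iff_sha512_collides(b"a", b"b"))
```

The distinguisher is deliberately crude: it needs no statistics, because the defect in H is structural rather than a bias. That is the asymmetry the message is pointing at. Collision and preimage resistance say nothing about whether the output bits are independent of each other, and a PRNG construction needs exactly that, so "hash implies PRNG" does not follow from the definition of a hash.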