building a true RNG
David Wagner
daw at cs.berkeley.edu
Mon Jul 29 16:26:55 EDT 2002
> Somewhat related to that, are there any block cipher->hash function methods
> that are actually secure? Every one I've ever read about seems to have been
> broken.
One standard method is to use Davies-Meyer mode with a block cipher that
has a very strong key schedule and has a sufficiently large block size
(at least 128 bits). I'm not sure I'd recommend doing this with AES,
as I'm not sure how well studied AES's key schedule is. Personally,
if I had a choice, I'd prefer hash functions like SHA1, but if that's
not an option, Davies-Meyer might be a reasonable alternative.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list