The Pure Crypto Project's Hash Function

Pete Chown Pete.Chown at skygate.co.uk
Sun May 4 10:07:46 EDT 2003


Eric Murray wrote:

> SHA1 as a primitive can be used for other things like making a
> symmetric encryption algorithm.  There have even been some research
> papers published on the strength of SHA-MDC.

The other option is to use Rijndael for encryption; you can then reuse
the code in a Davies-Meyer hash function.  The nice thing about Rijndael
is that it supports 256-bit blocks, so you get a 256-bit version of
Davies-Meyer.  If you are doing 128-bit encryption, you may well want
256-bit hash functions to avoid problems with the birthday "paradox".

The other option is to use a hash construction like MDC-2 with a smaller
block size, but I believe this is patented.

I wonder if there is an alternative way of verifying something like a
SHA-1 implementation.  First of all, you try to make sure that there are
no memory problems such as buffer overruns.  You then treat the
algorithm as a black box and try a few test vectors.  If it gets the
test vectors right, and it looks roughly like SHA-1, it's probably
correct.  It would be difficult to come up with an algorithm that is the
same as SHA-1 for nearly all inputs, has code which looks identical to
SHA-1 on a casual inspection, and can be made to leak something
worthwhile if you know about the bug.

-- 
Pete
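
[Added example, not part of Pete's post or of the Pure Crypto Project's code.] The Go program below illustrates the two technical points of the message: a Davies-Meyer hash built from a block cipher, and the black-box test-vector check for an existing SHA-1. Go's standard library only offers AES, i.e. Rijndael with the 128-bit block, so the hash width here is 128 bits (exactly the width whose 2^64 birthday bound Pete wants to avoid); a 256-bit-block Rijndael would be needed for the 256-bit variant and is assumed unavailable. The all-zero IV is a choice made for this example. The program also shows the well-known Davies-Meyer fixed point h = D_K(0), which is one reason the message length is bound into the padding. The SHA-1 vectors are the three published FIPS 180-1 examples; feeding them in 7-byte chunks as well as in one call exercises the block-buffering and padding paths where implementation bugs usually hide.

```go
package main

import (
	"crypto/aes"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"hash"
	"strings"
)

// blockSize is the AES block size and the AES-128 key size, 16 bytes each.
// The chaining value, and therefore the hash output, is one block wide.
const blockSize = 16

// Compress is one Davies-Meyer step: H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}.
// The message block is the cipher key; the chaining value is the plaintext.
func Compress(prev, msgBlock []byte) ([]byte, error) {
	c, err := aes.NewCipher(msgBlock)
	if err != nil {
		return nil, err
	}
	out := make([]byte, blockSize)
	c.Encrypt(out, prev)
	for i := range out {
		out[i] ^= prev[i]
	}
	return out, nil
}

// FixedPoint returns h = D_K(0). For that key E_K(h) XOR h = 0 XOR h = h, so
// Compress maps h to itself: the classic Davies-Meyer fixed point.
func FixedPoint(key []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	h := make([]byte, blockSize)
	c.Decrypt(h, make([]byte, blockSize))
	return h, nil
}

// pad applies Merkle-Damgard strengthening: 0x80, zero bytes, then the
// message length in bits as a 64-bit big-endian integer, to whole blocks.
func pad(msg []byte) []byte {
	out := append([]byte{}, msg...)
	out = append(out, 0x80)
	for len(out)%blockSize != blockSize-8 {
		out = append(out, 0)
	}
	var l [8]byte
	binary.BigEndian.PutUint64(l[:], uint64(len(msg))*8)
	return append(out, l[:]...)
}

// DaviesMeyer hashes msg with AES-128 as the underlying cipher. The all-zero
// IV is an assumption of this example, not a standardised constant.
func DaviesMeyer(msg []byte) ([]byte, error) {
	h := make([]byte, blockSize)
	padded := pad(msg)
	for i := 0; i < len(padded); i += blockSize {
		next, err := Compress(h, padded[i:i+blockSize])
		if err != nil {
			return nil, err
		}
		h = next
	}
	return h, nil
}

// sha1Vectors are the FIPS 180-1 example messages and their published digests.
var sha1Vectors = []struct{ in, want string }{
	{"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"},
	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1"},
	{strings.Repeat("a", 1000000), "34aa973cd4c4daa4f61eeb2bdbad27316534016f"},
}

// CheckSHA1Vectors is the black-box check: the implementation under test must
// reproduce every vector both in one Write and when fed in 7-byte chunks.
func CheckSHA1Vectors(newHash func() hash.Hash) error {
	for i, v := range sha1Vectors {
		h := newHash()
		h.Write([]byte(v.in))
		if got := hex.EncodeToString(h.Sum(nil)); got != v.want {
			return fmt.Errorf("vector %d one-shot: got %s want %s", i, got, v.want)
		}
		h = newHash()
		for data := []byte(v.in); len(data) > 0; {
			n := 7
			if n > len(data) {
				n = len(data)
			}
			h.Write(data[:n]) // odd chunk size crosses 64-byte block boundaries
			data = data[n:]
		}
		if got := hex.EncodeToString(h.Sum(nil)); got != v.want {
			return fmt.Errorf("vector %d chunked: got %s want %s", i, got, v.want)
		}
	}
	return nil
}

func main() {
	h, _ := DaviesMeyer([]byte("abc"))
	fmt.Printf("DM-AES128(\"abc\") = %x\n", h)
	if err := CheckSHA1Vectors(sha1.New); err != nil {
		fmt.Println("SHA-1 check failed:", err)
		return
	}
	fmt.Println("SHA-1 matches all FIPS 180-1 vectors")
}
```

Note that the vector check only establishes that the implementation agrees with the reference on those inputs; as the post says, it is a plausibility check to be combined with inspection of the code and of its memory handling, not a proof of correctness.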


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
