The Pure Crypto Project's Hash Function
Pete Chown
Pete.Chown at skygate.co.uk
Sun May 4 10:07:46 EDT 2003
Eric Murray wrote:
> SHA1 as a primitive can be used for other things like making a
> symmetric encryption algorithm. There have even been some research
> papers published on the strength of SHA-MDC.
The other option is to use Rijndael for encryption; you can then reuse
the code in a Davies-Meyer hash function. The nice thing about Rijndael
is that it supports 256-bit blocks, so you get a 256-bit version of
Davies-Meyer. If you are doing 128-bit encryption, you may well want
256-bit hash functions to avoid problems with the birthday "paradox".
The other option is to use a hash construction like MDC-2 with a smaller
block size, but I believe this is patented.
I wonder if there is an alternative way of verifying something like a
SHA-1 implementation. First of all, you try to make sure that there are
no memory problems such as buffer overruns. You then treat the
algorithm as a black box and try a few test vectors. If it gets the
test vectors right, and it looks roughly like SHA-1, it's probably
correct. It would be difficult to come up with an algorithm that is the
same as SHA-1 for nearly all inputs, has code which looks identical to
SHA-1 on a casual inspection, and can be made to leak something
worthwhile if you know about the bug.
--
Pete
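The two constructions discussed above, as an added example (not code from the original post or from the Pure Crypto Project): a Davies-Meyer hash built on a block cipher, and the black-box test-vector check the second paragraph describes. Go's standard crypto/aes exposes only the 128-bit AES block, not Rijndael's 256-bit block, so the digest here is 128 bits; the all-zero IV, the SHA-style length padding, and the function names are my choices. The SHA-1 vectors are the FIPS 180-1 examples.

```go
package main

import (
	"crypto/aes"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// AES has a 128-bit block; with Rijndael-256 this would be 32 bytes and the
// digest (and the birthday bound) would double in size.
const blockSize = aes.BlockSize

// pad appends 0x80, zeros, and the 64-bit big-endian message length in bits so
// the input is a whole number of blocks (Merkle-Damgard strengthening, as SHA-1 does).
func pad(msg []byte) []byte {
	out := append([]byte{}, msg...)
	out = append(out, 0x80)
	for len(out)%blockSize != blockSize-8 {
		out = append(out, 0)
	}
	var lenBytes [8]byte
	binary.BigEndian.PutUint64(lenBytes[:], uint64(len(msg))*8)
	return append(out, lenBytes[:]...)
}

// DaviesMeyerAES computes H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}, where each
// padded message block is used as the AES-128 key and the chaining value is
// the plaintext. The IV is all zeros (a constructed choice for this example).
func DaviesMeyerAES(msg []byte) []byte {
	h := make([]byte, blockSize)
	padded := pad(msg)
	for i := 0; i < len(padded); i += blockSize {
		c, err := aes.NewCipher(padded[i : i+blockSize]) // message block as key
		if err != nil {
			panic(err) // cannot happen: block is exactly 16 bytes
		}
		var enc [blockSize]byte
		c.Encrypt(enc[:], h)
		for j := range h {
			h[j] ^= enc[j] // feed-forward of the previous chaining value
		}
	}
	return h
}

// vector is one known-answer pair for the black-box check.
type vector struct{ input, hexDigest string }

// CheckVectors runs a hash as a black box over known test vectors and returns
// a description of every mismatch; an empty slice means all vectors passed.
func CheckVectors(h func([]byte) []byte, vectors []vector) []string {
	var failed []string
	for _, v := range vectors {
		got := hex.EncodeToString(h([]byte(v.input)))
		if got != v.hexDigest {
			failed = append(failed, fmt.Sprintf("%q: got %s, want %s", v.input, got, v.hexDigest))
		}
	}
	return failed
}

func sha1Bytes(b []byte) []byte { s := sha1.Sum(b); return s[:] }

// FIPS 180-1 example vectors for SHA-1.
var sha1Vectors = []vector{
	{"", "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
	{"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"},
	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1"},
}

func main() {
	fmt.Printf("Davies-Meyer/AES(\"abc\") = %x\n", DaviesMeyerAES([]byte("abc")))
	if failed := CheckVectors(sha1Bytes, sha1Vectors); len(failed) == 0 {
		fmt.Println("SHA-1: all test vectors passed")
	} else {
		fmt.Println("SHA-1 mismatches:", failed)
	}
}
```

The test-vector harness is deliberately independent of the hash it checks, which is the black-box approach in the post; it catches a wrong implementation but, as the post notes, cannot rule out one that is correct on nearly all inputs. The digest length is what matters for the birthday bound: a 128-bit Davies-Meyer output collides after roughly 2^64 trials, which is why the post wants the 256-bit Rijndael block when the cipher itself is run at 128 bits.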
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com