Symmetric ciphers as hash functions

cyphrpunk cyphrpunk at gmail.com
Thu Nov 3 17:42:51 EST 2005


On 10/30/05, Arash Partow <arash at partow.net> wrote:
> How does one properly use a symmetric cipher as a cryptographic hash
> function? I seem to be going around in circles.

The usual method is to feed the data into the "key" slot of the
cipher, and to use a fixed IV in the "plaintext" slot. Then, add the
IV to the output ciphertext.

If the data is too big, break it up into pieces and chain these
constructions together. The output of one block becomes the input "IV"
of the next block.

To prevent length extension attacks, pad with an unambiguous final
suffix that includes the message length.

This is basically the Merkle/Damgard construction.

CP

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
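The construction described in the message above, as an added example that is not part of the original post: message blocks go in the cipher's key slot, the chaining value goes in the plaintext slot and is fed forward into the ciphertext, and the padding carries the message length. Assumptions made here: XTEA stands in as the block cipher because it fits in a few lines of standard-library Python, "add" is taken to mean XOR, the IV is all zeros, and the function names are hypothetical. The 64-bit output is far too short for real collision resistance.

```python
import struct

MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9
IV = bytes(8)  # assumption: fixed, public all-zero starting value

def xtea_encrypt(key16: bytes, block8: bytes, rounds: int = 32) -> bytes:
    """XTEA: 128-bit key, 64-bit block. Stand-in cipher for illustration only."""
    k = struct.unpack(">4I", key16)
    v0, v1 = struct.unpack(">2I", block8)
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def compress(chain: bytes, msg_block: bytes) -> bytes:
    """Data in the key slot, chaining value as plaintext, then XOR it back in."""
    ct = xtea_encrypt(msg_block, chain)
    return bytes(a ^ b for a, b in zip(ct, chain))

def pad(msg: bytes) -> bytes:
    """Append 0x80, zero bytes, and the 64-bit bit length, up to a 16-byte multiple.
    The single 0x80 marker plus the length makes the encoding unambiguous."""
    zeros = (-(len(msg) + 1 + 8)) % 16
    return msg + b"\x80" + bytes(zeros) + struct.pack(">Q", len(msg) * 8)

def cipher_hash(msg: bytes) -> bytes:
    """Chain the compression function over 16-byte (key-sized) message blocks."""
    h = IV
    data = pad(msg)
    for i in range(0, len(data), 16):
        h = compress(h, data[i:i + 16])  # output of one block is the next "IV"
    return h

if __name__ == "__main__":
    # Constructed sample inputs: the last two differ only by a trailing zero byte.
    for m in (b"", b"abc", b"abc\x00"):
        print(m, cipher_hash(m).hex())
```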


