[Cryptography] FIPS, NIST and ITAR questions
Bill Stewart
bill.stewart at pobox.com
Tue Sep 3 23:05:35 EDT 2013
At 03:06 PM 9/3/2013, Jerry Leichter wrote:
>On Sep 3, 2013, at 3:16 PM, Faré <fahree at gmail.com> wrote:
> > Can't you trivially transform a hash into a PRNG, a PRNG into a
> > cypher, and vice versa?
>No.
>[...]
>I don't actually know if there exists a
>construction of a PRNG from a cryptographically
>secure hash function. (You can build a MAC, but
>even that's not trivial; people tried all kinds
>of things that failed until the HMAC construction was proven correct.)
PRNG is not necessarily a cryptographically
strong term. But isn't counter-mode hash likely to be ok?
Counter = seed;
while (counter++) Output(Hash(counter));
// or as somebody said Output(Hash(seed||counter||seed));
// and you probably need to pad
it to be long enough for the hash to be happy.
Obviously if somebody discovers the seed the whole thing is toast.
And you can turn the PRNG into a stream cypher by
doing plaintext[x] xor PRNG[x], with the usual limitations.
None of that has any bearing on ITAR, of course.
More information about the cryptography
mailing list