[Cryptography] FIPS, NIST and ITAR questions

Bill Stewart bill.stewart at pobox.com
Tue Sep 3 23:05:35 EDT 2013

At 03:06 PM 9/3/2013, Jerry Leichter wrote:
>On Sep 3, 2013, at 3:16 PM, Faré <fahree at gmail.com> wrote:
> > Can't you trivially transform a hash into a PRNG, a PRNG into a
> > cypher, and vice versa?
>I don't actually know if there exists a 
>construction of a PRNG from a cryptographically 
>secure hash function.  (You can build a MAC, but 
>even that's not trivial; people tried all kinds 
>of things that failed until the HMAC construction was proven correct.)

PRNG is not necessarily a cryptographically 
strong term.  But isn't counter-mode hash likely to be ok?
         Counter = seed;
         while (counter++) Output(Hash(counter));
                 // or as somebody said Output(Hash(seed||counter||seed));
                 // and you probably need to pad 
it to be long enough for the hash to be happy.
Obviously if somebody discovers the seed the whole thing is toast.

And you can turn the PRNG into a stream cypher by 
doing plaintext[x] xor PRNG[x], with the usual limitations.

None of that has any bearing on ITAR, of course.

More information about the cryptography mailing list