[Cryptography] SHA-256 decrypted (8 rounds)

McDair mcdair at protonmail.com
Fri Apr 5 06:23:36 EDT 2024 





Verzonden met Proton Mail beveiligde e-mail.

Op woensdag 3 april 2024 om 15:41 schreef Salz, Rich <rsalz at akamai.com>:

> At the risk of beating a dead horse...
> 
> > As mentioned before, encryption in its most general meaning is about protecting secrets. In this context it is not function-type specific.
> 
> 
> No. Please find a definition of encryption that does not mention decryption, or the recovery of the original text.
> 
> > Let's say you manage a web application's login credentials, and want to make sure your users' actual passwords will not be exposed in case your server/database gets compromised.
> 
> > You will be thinking of ways to encrypt this data, render it unreadable for an attacker. At this point it is function agnostic.
> 
> 
> You will more likely be thinking of a way to protect this data.
> 
> > It is perfectly fine to ultimately choose to use a cryptographic hash function to this end.
> 
> 
> Absolutely, using a digest to protect the data makes sense. Claiming it encrypts the data is using the term incorrectly, and the knowledgeable members of that community will try to correct you, perhaps a couple of times, before they decide you are not worth spending time with. I am, of course, using "you" in the hypothetical sense as you first proposed above.



>From the *NIST* site under possible definitions of encryption:

Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state.


https://csrc.nist.gov/glossary/term/encryption


This implies that it is not necessary to be able to transform back to the original data, allowing one-way functions here.


So I'm not trying to reinvent definitions, as one claims.


HOWEVER, I have a sneaking suspicion the general consensus here is this broader definition being incorrect, so I will take this into account.


McDair

More information about the cryptography mailing list