On Mon, 14 Mar 2005, alok wrote:
IIRC, you can turn any private key crypto system into a hashing algorithm. Given an encryption function c = f(k, p) where c is the resulting ciphertext, k is the private key, and p is the plaintext, you can use it as a hash function s' = h(t, s) where s' is the new hash state, s is the previous hash state, and t is the text to hash, by just going h(t, s) = f(t, s). Note that the text being hashed becomes the key for the encryption function, not the plaintext! This assumes no weak keys for the cipher, obviously. Breaking the hashing function is then equivalent to launching a known-plaintext attack on the cipher.
As long as it's matrix into matrix it is matrix into matrix :) just one flaw being the hash collision.
Yeah, you need large key sizes - 128-bit keys just aren't enough (they allow birthday attacks to be computationally feasible). But I note that all the AES finalists went to 256-bit key sizes. This would put a birthday attack at about 128 bits of complexity - sufficient. Anything less than about 160 bits of key space is a bad idea.
Generally, the bit sizes work out, for obvious reasons.
Brian
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
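The construction h(t, s) = f(t, s) from the message above, as an added example that is not part of the original post: each text block is used as the cipher key and the running hash state as the plaintext, and a birthday search over a truncated digest shows collisions appearing after roughly 2^(n/2) tries for an n-bit output. XTEA as the stand-in cipher f, the all-zero initial state, the length padding and all function names are assumptions made for this sketch.

```python
import struct

MASK = 0xFFFFFFFF
IV = b"\x00" * 8  # constructed initial hash state (assumption, not from the post)

def xtea_encrypt(key16, block8, rounds=32):
    """Stand-in for f(k, p): XTEA, 128-bit key, 64-bit block."""
    v0, v1 = struct.unpack(">2I", block8)
    k = struct.unpack(">4I", key16)
    s, delta = 0, 0x9E3779B9
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + delta) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def cipher_hash(msg):
    """Iterate s' = h(t, s) = f(t, s): the text block t is the KEY,
    the previous hash state s is the plaintext."""
    padded = msg + b"\x80"
    # Zero-fill, then append the message length, to a multiple of 16 bytes.
    padded += b"\x00" * (-(len(padded) + 8) % 16) + struct.pack(">Q", len(msg))
    state = IV
    for i in range(0, len(padded), 16):
        state = xtea_encrypt(padded[i:i + 16], state)
    return state

def birthday_collision(bits):
    """Find two distinct messages whose digests agree in the top `bits` bits.
    Returns (msg_a, msg_b, number_of_messages_hashed)."""
    seen = {}
    counter = 0
    while True:
        msg = struct.pack(">I", counter)  # constructed sample messages
        tag = int.from_bytes(cipher_hash(msg), "big") >> (64 - bits)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg
        counter += 1

if __name__ == "__main__":
    a, b, tries = birthday_collision(24)
    # A 24-bit digest collides after a few thousand hashes, not 2**24.
    print(a.hex(), b.hex(), tries)
```

Doubling the digest width squares the expected work, which is why a 128-bit birthday bound needs a 256-bit hash output.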