RE: blowfish cryptographic hash function

From: Jonathan A. Zdziarski (jonathanat_private)
Date: Thu Aug 15 2002 - 12:17:55 PDT

Next message: James Davis: "RE: blowfish cryptographic hash function"

Previous message: Muhammad Faisal Rauf Danka: "Re: Handling, possibly, encrypted data"
In reply to: James Davis: "blowfish cryptographic hash function"
Next in thread: James Davis: "RE: blowfish cryptographic hash function"
Reply: James Davis: "RE: blowfish cryptographic hash function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm not certain I understand the benefits of using blowfish for a
hashing algorithm.  The primary purpose of a hashing algorithm (in the
security realm) is to provide a one-way mechanism to allow information
to be validated without actually having to have that information.  With
that said, blowfish being a two-way cryptographic protocol, it doesn't
seem to be that it would feasable as a hashing algorithm, as the
information can be decrypted either voluntarily or by cryptanalysis.
Given, one-way functions can be cracked with brute force, however
finding the original hashed string is very unlikely and I would imagine
blowfish hashes would be more open to plain text attacks and the like.

-----Original Message-----
From: James Davis [mailto:james.davis@st-peters.oxford.ac.uk] 
Sent: Wednesday, August 14, 2002 6:25 PM
To: forensicsat_private
Subject: blowfish cryptographic hash function


Hello,

For the past few days I've been writing a program in the style of md5sum
but that uses the blowfish algorithm to create a cryptographic hash
function. I've been lurking in this group for a little while and thought
it may be of some interest here.

I'd be interested in what people think of my work so far, it compiles
without problem as far as I know under Cygwin, Linux and OpenBSD. It's
available at http://users.ox.ac.uk/~spet1067/bfsum/ and is far from
polished at the moment. It's slow (although I have improved this), lacks
the -c option of md5sum, ignores the binary/text options and the code is
quite messy. For those who try it, I apologise for filename that results
from compilation but I've been using the same Makefile in windows.

James

--
James Davis           \        james.davis@st-peters.ox.ac.uk
St. Peter's College     \
PGP Key ID : 0x7E1F718A   \  http://users.ox.ac.uk/~spet1067/


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com




-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: James Davis: "RE: blowfish cryptographic hash function"
Previous message: Muhammad Faisal Rauf Danka: "Re: Handling, possibly, encrypted data"
In reply to: James Davis: "blowfish cryptographic hash function"
Next in thread: James Davis: "RE: blowfish cryptographic hash function"
Reply: James Davis: "RE: blowfish cryptographic hash function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 03:28:54 PDT