I'm not certain I understand the benefits of using blowfish for a hashing algorithm. The primary purpose of a hashing algorithm (in the security realm) is to provide a one-way mechanism to allow information to be validated without actually having to have that information. With that said, blowfish being a two-way cryptographic protocol, it doesn't seem to be that it would feasable as a hashing algorithm, as the information can be decrypted either voluntarily or by cryptanalysis. Given, one-way functions can be cracked with brute force, however finding the original hashed string is very unlikely and I would imagine blowfish hashes would be more open to plain text attacks and the like. -----Original Message----- From: James Davis [mailto:james.davis@st-peters.oxford.ac.uk] Sent: Wednesday, August 14, 2002 6:25 PM To: forensicsat_private Subject: blowfish cryptographic hash function Hello, For the past few days I've been writing a program in the style of md5sum but that uses the blowfish algorithm to create a cryptographic hash function. I've been lurking in this group for a little while and thought it may be of some interest here. I'd be interested in what people think of my work so far, it compiles without problem as far as I know under Cygwin, Linux and OpenBSD. It's available at http://users.ox.ac.uk/~spet1067/bfsum/ and is far from polished at the moment. It's slow (although I have improved this), lacks the -c option of md5sum, ignores the binary/text options and the code is quite messy. For those who try it, I apologise for filename that results from compilation but I've been using the same Makefile in windows. James -- James Davis \ james.davis@st-peters.ox.ac.uk St. Peter's College \ PGP Key ID : 0x7E1F718A \ http://users.ox.ac.uk/~spet1067/ ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 03:28:54 PDT