Schneier didn't specify whether or not he felt this was a good or bad method, and makes a few interesting points about this method as well. I'll go ahead and assume you're not using a fixed key for all your hashes as that would be ludicrous. My chicken scratch below...

The only real secure way to do this includes use of the previous hash value as the input. If you're going to be performing a significant number of hashes, this may be secure so long as all the hashes collectively are not being used for the same purpose or are presented in the same order (otherwise one would have plenty of plaintext and ciphertext to work with in finding the key). On top of this, using previous hash values for text means that if I want to verify the hash, I have to have the previous hash value used. If I encrypt the same message 1000 times, the only way to ensure they will have the same result is to use the same plain text. Will you be including the previous hash value used with the hash value? If so, is blowfish secure enough to where you can't derive the key from the value with a reasonable brute force attack? I've no idea.

Schneier also mentioned differential cryptanalysis is easier with a symmetric algorithm on hashing than actual encryption. Do you foresee the ability to predict patterns in ciphertext pairs (used in the key, of course) based on the encrypted hash value, to obtain the correct key?

Also, since the key is the message to be encrypted (I assume), do you see any issues with the key length, processing power, etc.? In all likelihood you'll have a really long key and a really short plain text to encrypt with it (if the message is indeed the key). Do you foresee any loss/collisions as a result of having a shorter key? Will this method be too easy to crack with short keys, or too difficult to keep unique with long keys? I'm not against using a symmetric algorithm for hashing, but I am concerned about the surrounding details and the security of the key.

I'm also by no means a crypto-expert, so forgive me if I sound skeptical... it just seems a bit confusing why anyone would want to use it when there are plenty of good one-way hashing algorithms out there.

-----Original Message-----
From: James Davis [mailto:james.davis@st-peters.oxford.ac.uk]
Sent: Thursday, August 15, 2002 3:28 PM
To: Jonathan A. Zdziarski; forensicsat_private
Subject: RE: blowfish cryptographic hash function

On Thu, 15 Aug 2002, Jonathan A. Zdziarski wrote:

> With that said, blowfish being a two-way cryptographic protocol, it
> doesn't seem that it would be feasible as a hashing algorithm

Can I refer you to section 18.11 of Applied Cryptography by Schneier, "One-way hash functions using symmetric block algorithms"?

James

--
James Davis \ james.davis@st-peters.ox.ac.uk
St. Peter's College \ PGP Key ID : 0x7E1F718A
\ http://users.ox.ac.uk/~spet1067/

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
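One of the schemes in the Applied Cryptography section Davis cites (Davies-Meyer: the message chunk is the cipher key, the previous hash value is the short plaintext, and the plaintext is XORed back onto the ciphertext) as an added example, not code from this thread. The block cipher here is an assumed stand-in Feistel permutation with a variable-length key, used only so the chaining runs without a Blowfish implementation; the point it shows is that the feed-forward XOR is what keeps a decryptable cipher from letting you walk the chain backwards.

```python
import hashlib

BLOCK = 8       # 64-bit block, the block size Blowfish uses
KEY_BYTES = 56  # Blowfish keys run up to 448 bits; each message chunk becomes a key
ROUNDS = 8

# Stand-in cipher (assumption): a keyed Feistel permutation on 64-bit blocks that
# takes a variable-length key. It is a placeholder for Blowfish, not a secure cipher.
def _subkeys(key: bytes) -> list:
    return [hashlib.sha256(bytes([i]) + key).digest()[:8] for i in range(ROUNDS)]

def _round(subkey: bytes, half: int) -> int:
    return int.from_bytes(hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()[:4], "big")

def _feistel(subkeys: list, block: bytes) -> bytes:
    left, right = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for sk in subkeys:
        left, right = right, left ^ _round(sk, right)
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")  # undo the final swap

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(_subkeys(key), block)

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(list(reversed(_subkeys(key))), block)  # same network, subkeys reversed

def pad(message: bytes) -> bytes:
    # Merkle-Damgard style padding: 0x80, zero fill, then the 8-byte big-endian bit
    # length, so the padded message is a whole number of key-sized chunks.
    padded = message + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % KEY_BYTES)
    return padded + (8 * len(message)).to_bytes(8, "big")

def davies_meyer_blocks(blocks: list, feed_forward: bool = True) -> bytes:
    """H_i = E_{M_i}(H_{i-1}) XOR H_{i-1}: the message chunk M_i is the cipher key and
    the previous hash is the short plaintext. With feed_forward=False the XOR is
    dropped, H_i = E_{M_i}(H_{i-1}), and anyone holding M_i can decrypt back to H_{i-1}."""
    h = bytes(BLOCK)  # fixed public IV; the first plaintext is the IV, then each previous hash
    for m_i in blocks:
        e = toy_encrypt(m_i, h)
        h = bytes(a ^ b for a, b in zip(e, h)) if feed_forward else e
    return h

def davies_meyer_hash(message: bytes, feed_forward: bool = True) -> bytes:
    padded = pad(message)
    chunks = [padded[i:i + KEY_BYTES] for i in range(0, len(padded), KEY_BYTES)]
    return davies_meyer_blocks(chunks, feed_forward)
```

Because the chaining value feeds each step, reordering chunks changes the digest, and a verifier needs only the fixed IV, not any earlier hash value, to recompute it.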
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 03:31:29 PDT