On Thu, 15 Aug 2002, Jonathan A. Zdziarski wrote: > If so, is blowfish secure enough to where you can't derive the key from > the value with a reasonable brute force attack? I've no idea. I don't know, like the text says the hash function can only be as secure as the cryptographic algorithm that you are using. > Also, since the key is the message to be encrypted (I assume), do you > see any issues with the key length, processing power, etc.? I haven't thought about this so I don't know. > In all likelihood you'll have a really long key and a really short plain > text to encrypt with it (if the message is indeed the key). Do you > foresee any loss/collissions as a result of having a shorter key? Will > this method be too easy to crack with short keys, or too difficult to > keep unique with long keys? I haven't thought about this either, and I don't know. > I'm not against using a symmetric algorithm for hashing, but I am > conerned about the surrounding details and the security of the key. I'm > also by no means a crypto-expert, so forgive me if I sound skeptical..it > just seems a bit confusing why anyone would want to use it when there > are plenty of good one-way hashing algorithms out there. I'm not expecting other people to want to use it for real work, it's just something that I wanted to have a go out after reading about the algorithms in "Applied Cryptography". Don't worry about sounding skeptical, I'm no expert either and haven't thought a lot of it through either as you can see. James -- James Davis \ james.davis@st-peters.ox.ac.uk St. Peter's College \ PGP Key ID : 0x7E1F718A \ http://users.ox.ac.uk/~spet1067/ ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 03:34:25 PDT