Re: blowfish cryptographic hash function

From: Seth Arnold (sarnoldat_private)
Date: Fri Aug 16 2002 - 12:10:11 PDT


    On Thu, Aug 15, 2002 at 03:53:36PM -0400, Jonathan A. Zdziarski wrote:
    > I'll go ahead and assume you're not using a fixed key for all your
    > hashes as that would be ludicrous.  My chicken scratch below...
    
    Why would that be ludicrous? One wants published hashes to be verifiable
    by everyone without needing to pass around copies of a key. If one could
    generate a different plain-text input that hashes to the same value with
    the same key, it would be a significant failing in blowfish, and not in
    the hash function.
    
    > The only real secure way to do this includes use of the previous hash
    > value as the input.
    
    Huh? What problem are you trying to solve? :) When using a block cipher
    to create a hash function, one doesn't run the encryption algorithm in
    ECB mode, instead one uses CBC mode and retains only the last block.
    
    > If so, is blowfish secure enough to where you can't derive the key
    > from the value with a reasonable brute force attack?  I've no idea.
    
    The key setup time of blowfish is extremely expensive. Brute forcing the
    key from known plaintext and ciphertext is going to be expensive. I
    don't recall hearing of any attacks against blowfish that are faster
    than brute-force.
    
    > Schneier also mentioned differential cryptanalysis is easier with a
    > symmetric algorithm on hashing than actual encryption.  Do you foresee
    > the ability to predict patterns in ciphertext pairs (used in the key, of
    > course) based on the encrypted hash value, to obtain the correct key?  
    
    Key doesn't matter for this application. All-Nulls, all-ones, whatever.
    As long as every copy of the program uses the exact same key. :)
    
    > Also, since the key is the message to be encrypted (I assume), do you
    > see any issues with the key length, processing power, etc.?
    
    Eh? What? Is James's program using the message as a key to encrypt some
    _other_ known text? If so, this changes everything... I would expect the
    key setup time of blowfish to take entirely too long for this application.
    (And I'm not sure about the security implications.)
    
    -- 
    http://immunix.org/
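
The construction discussed in this message (CBC mode under a fixed, published key, keeping only the last block), as an added example that is not code from the thread. A toy 64-bit Feistel cipher stands in for Blowfish, and all function names are hypothetical; `second_preimage` checks what the digest guarantees once the key is public, since anyone holding the key can invert the last CBC step.

```python
# Added example: a toy 64-bit Feistel cipher stands in for Blowfish (assumption;
# Blowfish is not in the Python standard library). All names are hypothetical.
import hashlib

BLOCK = 8                      # 64-bit block, the same block size as Blowfish
FIXED_KEY = b"\x00" * 16       # the "all-nulls" key every copy of the program shares
ROUNDS = 8

def _f(key, rnd, half):
    # Round function: keyed hash of one 32-bit half, truncated to 32 bits.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_hash(msg, key=FIXED_KEY):
    # Zero IV, zero padding to a block multiple, keep only the last ciphertext block.
    msg += b"\x00" * (-len(msg) % BLOCK)
    state = b"\x00" * BLOCK
    for i in range(0, len(msg), BLOCK):
        state = encrypt_block(key, _xor(state, msg[i:i + BLOCK]))
    return state

def second_preimage(target_digest, prefix, key=FIXED_KEY):
    # With the key known, the final CBC step runs backwards: take any
    # block-aligned prefix and solve for the last block that lands on the target.
    if len(prefix) % BLOCK:
        raise ValueError("prefix must be a multiple of the block size")
    last = _xor(decrypt_block(key, target_digest), cbc_hash(prefix, key))
    return prefix + last

if __name__ == "__main__":
    digest = cbc_hash(b"published file contents (constructed sample)")
    other = second_preimage(digest, b"tampered" * 2)
    print(digest.hex(), cbc_hash(other) == digest)
```

The same algebra applies to any invertible block cipher used this way, so the result does not depend on the strength of the cipher itself.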
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 17:52:10 PDT