On Thu, Aug 15, 2002 at 03:53:36PM -0400, Jonathan A. Zdziarski wrote:
> I'll go ahead and assume you're not using a fixed key for all your
> hashes as that would be ludicrous. My chicken scratch below...

Why would that be ludicrous? One wants published hashes to be verifiable by
everyone without needing to pass around copies of a key. If one could
generate a different plain-text input that hashes to the same value with the
same key, it would be a significant failing in blowfish, and not in the hash
function.

> The only real secure way to do this includes use of the previous hash
> value as the input.

Huh? What problem are you trying to solve? :)

When using a block cipher to create a hash function, one doesn't run the
encryption algorithm in ECB mode; instead one uses CBC mode and retains only
the last block.

> If so, is blowfish secure enough to where you can't derive the key
> from the value with a reasonable brute force attack?

I've no idea. The key setup time of blowfish is extremely expensive. Brute
forcing the key from known plaintext and ciphertext is going to be expensive.
I don't recall hearing of any attacks against blowfish that are faster than
brute-force.

> Schneier also mentioned differential cryptanalysis is easier with a
> symmetric algorithm on hashing than actual encryption. Do you foresee
> the ability to predict patterns in ciphertext pairs (used in the key, of
> course) based on the encrypted hash value, to obtain the correct key?

Key doesn't matter for this application. All-nulls, all-ones, whatever. As
long as every copy of the program uses the exact same key. :)

> Also, since the key is the message to be encrypted (I assume), do you
> see any issues with the key length, processing power, etc.?

Eh? What? Is James's program using the message as a key to encrypt some
_other_ known text? If so, this changes everything... I would expect the key
setup time of blowfish to take entirely too long for this application. (And
I'm not sure about the security implications.)

-- 
http://immunix.org/
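The ECB-versus-CBC point made above, as an added example that is not code from either poster: it builds the "encrypt in CBC mode with a fixed public key and keep only the last block" construction and shows that the ECB variant's output ignores every block but the last. Assumptions: AES from Go's standard library stands in for Blowfish (which is not in the standard library), the fixed key is all zeros as the message suggests, and the 0x80-then-zeros padding is a constructed choice.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Fixed, publicly known all-zero key ("All-nulls, all-ones, whatever").
// AES is an assumption standing in for Blowfish; both are 128-bit-key block ciphers here.
var fixedKey = make([]byte, 16)

// pad appends 0x80 then zero bytes up to a whole number of blocks (constructed choice).
func pad(msg []byte, blockSize int) []byte {
	out := append(append([]byte{}, msg...), 0x80)
	for len(out)%blockSize != 0 {
		out = append(out, 0x00)
	}
	return out
}

// ecbLastBlock encrypts each block independently and keeps the last ciphertext
// block: the construction the message says not to use, because earlier blocks
// have no influence on the result.
func ecbLastBlock(msg []byte) []byte {
	block, err := aes.NewCipher(fixedKey)
	if err != nil {
		panic(err)
	}
	data := pad(msg, block.BlockSize())
	out := make([]byte, block.BlockSize())
	for i := 0; i < len(data); i += block.BlockSize() {
		block.Encrypt(out, data[i:i+block.BlockSize()]) // each call overwrites out
	}
	return out
}

// cbcLastBlock chains the blocks in CBC mode from a zero IV and retains only
// the final ciphertext block, as the message describes.
func cbcLastBlock(msg []byte) []byte {
	block, err := aes.NewCipher(fixedKey)
	if err != nil {
		panic(err)
	}
	data := pad(msg, block.BlockSize())
	ct := make([]byte, len(data))
	cipher.NewCBCEncrypter(block, make([]byte, block.BlockSize())).CryptBlocks(ct, data)
	return ct[len(ct)-block.BlockSize():]
}

func main() {
	// Constructed inputs: they differ only inside the first 16-byte block.
	a := []byte("pay alice 100 dollars, ref 0001")
	b := []byte("pay bobby 999 dollars, ref 0001")
	fmt.Println("ECB last blocks equal:", bytes.Equal(ecbLastBlock(a), ecbLastBlock(b)))
	fmt.Println("CBC last blocks equal:", bytes.Equal(cbcLastBlock(a), cbcLastBlock(b)))
	fmt.Println("CBC hash of a:", hex.EncodeToString(cbcLastBlock(a)))
}
```

With the key public, the CBC form is a CBC-MAC being run unkeyed: the chaining fixes the ECB defect shown here, but anyone who knows the key can construct colliding inputs, so it is not by itself a collision-resistant hash in the way dedicated block-cipher hash modes are.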
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 17:52:10 PDT