I am thoroughly confused by this avenue of debate. The md5 hashing algorithm is based on the DES encryption algorithm. This is a reversible symetric algorithm the same as Blowfish. By implication suggesting that basing a hashing algorithm on a symmetric algorithm might not be such a good idea is tantamount to saying that md5 is probably not such a good idea either. The point of using md5 is about obtaining a checksum for a given piece of data where it is difficult (computationally infeasable) to produce a second piece of data that results in the same checksum. This is core purpose of a hashing algorithm the encryption debate is an aside. As for what encryption key you would use and how this would affect the security this is largely an aside. Normally hashing algorithms are implemented using a null key for example the md5sum on unix usually uses a DES key that is just a string of zeroes. This does not affect the security of the resultant hash in terms of its value as a checksum. The only reason for wanting a keyed hash is if you are concerned about who might be able to make use of you hash. As for the benefits of using Blowfish for implementing a hashing algorithm compared to using DES, presuming that Blowfish is no more or less secure than DES when used appropriately, then it is difficult to see why either should produce a more or less valuable hashing algorithm. In that md5 is widely used and recognized than a blowfish based hash then it is clearly more valuable at present. However in that this was done as an academic exercise it seems like a perfectly reasonable and sensible thing to do! Kind regards, Bob _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 18 2002 - 07:27:48 PDT