RE: blowfish cryptographic hash function

From: Bob the Builder (builder173at_private)
Date: Fri Aug 16 2002 - 08:47:54 PDT

Next message: Valdis.Kletnieksat_private: "Re: blowfish cryptographic hash function"

Previous message: Seth Arnold: "Re: blowfish cryptographic hash function"
Maybe in reply to: James Davis: "blowfish cryptographic hash function"
Next in thread: Valdis.Kletnieksat_private: "Re: blowfish cryptographic hash function"
Reply: Valdis.Kletnieksat_private: "Re: blowfish cryptographic hash function"
Reply: Thomas Habets: "Re: blowfish cryptographic hash function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am thoroughly confused by this avenue of debate. The md5 hashing algorithm 
is based on the DES encryption algorithm. This is a reversible symetric 
algorithm the same as Blowfish. By implication suggesting that basing a 
hashing algorithm on a symmetric algorithm might not be such a good idea is 
tantamount to saying that md5 is probably not such a good idea either.

The point of using md5 is about obtaining a checksum for a given piece of 
data where it is difficult (computationally infeasable) to produce a second 
piece of data that results in the same checksum. This is core purpose of a 
hashing algorithm the encryption debate is an aside. As for what encryption 
key you would use and how this would affect the security this is largely an 
aside. Normally hashing algorithms are implemented using a null key for 
example the md5sum on unix usually uses a DES key that is just a string of 
zeroes. This does not affect the security of the resultant hash in terms of 
its value as a checksum. The only reason for wanting a keyed hash is if you 
are concerned about who might be able to make use of you hash.

As for the benefits of using Blowfish for implementing a hashing algorithm 
compared to using DES, presuming that Blowfish is no more or less secure 
than DES when used appropriately, then it is difficult to see why either 
should produce a more or less valuable hashing algorithm. In that md5 is 
widely used and recognized than a blowfish based hash then it is clearly 
more valuable at present. However in that this was done as an academic 
exercise it seems like a perfectly reasonable and sensible thing to do!

Kind regards,

Bob

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Valdis.Kletnieksat_private: "Re: blowfish cryptographic hash function"
Previous message: Seth Arnold: "Re: blowfish cryptographic hash function"
Maybe in reply to: James Davis: "blowfish cryptographic hash function"
Next in thread: Valdis.Kletnieksat_private: "Re: blowfish cryptographic hash function"
Reply: Valdis.Kletnieksat_private: "Re: blowfish cryptographic hash function"
Reply: Thomas Habets: "Re: blowfish cryptographic hash function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Aug 18 2002 - 07:27:48 PDT