At 10:23 AM 12/8/00 -0800, Bram Cohen wrote:
>On Tue, 5 Dec 2000, David Honig wrote:
>
>> Is there a reason not to use AES block cipher in a hashing mode
>> if you need a secure digest of some data? 
>
>Hashing modes of block ciphers require a re-key for every block, and hence
>are really, really slow.
>
>-Bram Cohen

Except for Blowfish, most ciphers (IDEA, DES, Rijndael) can take a new key
at the same time as a block of plaintext.

Oops, was thinking hardware.  Never mind.

Seems though you could take a block cipher, key it with the first
N bits of your message, then feed in blocks chained together, and output
the last block.  This has the hash property that changing any input
changes the hash.  Because we have used a cipher correctly, we get
a secure hash -- i.e., it's crypto-hard to spoof.

What is the point (i.e., how does security gain) of rekeying in a block cipher
used as a hash?

Thanks,
dh
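
Added example, not part of the original message and not code from either correspondent: the fixed-key chained construction asked about above, next to a re-keyed Davies-Meyer mode, showing what the per-block re-key and feed-forward buy. Assumptions: XTEA (64-bit block, 128-bit key) stands in for the block cipher so the sketch needs no third-party library, messages are already padded to whole blocks, and all function names are hypothetical.

```python
import struct
# Toy parameters: a 64-bit digest is far too short for real use; names are hypothetical.
MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9

def _mix(v, x):
    return (((v << 4) ^ (v >> 5)) + v) ^ x

def xtea_encrypt(key, block, rounds=32):
    """XTEA, used here only as a stand-in block cipher (assumption)."""
    k, (v0, v1), s = struct.unpack(">4I", key), struct.unpack(">2I", block), 0
    for _ in range(rounds):
        v0 = (v0 + _mix(v1, s + k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _mix(v0, s + k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def xtea_decrypt(key, block, rounds=32):
    k, (v0, v1) = struct.unpack(">4I", key), struct.unpack(">2I", block)
    s = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - _mix(v0, s + k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _mix(v1, s + k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def chain(key, body):
    """CBC-chain 8-byte blocks under one fixed key; return the last block."""
    h = bytes(8)
    for i in range(0, len(body), 8):
        h = xtea_encrypt(key, xor(h, body[i:i + 8]))
    return h

def chained_hash(msg):
    """Construction from the message: key = first 16 bytes, chain the rest."""
    return chain(msg[:16], msg[16:])

def matching_last_block(prefix, digest):
    """The key is part of the message, so the last step can be decrypted:
    returns the block b with chained_hash(prefix + b) == digest."""
    return xor(xtea_decrypt(prefix[:16], digest), chain(prefix[:16], prefix[16:]))

def davies_meyer(msg):
    """Re-keyed mode: each 16-byte message block is the key, and the
    feed-forward XOR means decrypting no longer yields the previous state."""
    h = bytes(8)
    for i in range(0, len(msg), 16):
        h = xor(xtea_encrypt(msg[i:i + 16], h), h)
    return h
```

Because the key in the fixed-key chain is known to anyone who sees the message, the cipher gives no one-wayness there; in Davies-Meyer the unknown to solve for is the key itself, which is the hard direction for a block cipher.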