I stand corrected - nice brief.
-----Original Message-----
From: Ben Doom [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 2:45 PM
To: CF-Talk
Subject: RE: Encryption gurus please read
And I'm a writer for the show -- I don't always know what I'm talking about,
but I make it sound convinving. :-)
Actually, I've done some studies in cryptography, hashing, random numbers,
etc.
Anyway, the main distinguishing characteristic of hashing is that the same
input will /always/ produce the same output. Technically, the function
hash (data) { return 1; }
is a hash function, because for a string s, hash(s) consistently returns 1.
Of course, it's a fairly useless hash function. Generally, hash functions
return a result of a certain size n which could be considerably smaller than
the original data. This means that there are an infinite number of inputs
for a given output, so the hash is not typically considered reversable, and
the one-way nature of a hash is generally encouraged (so that there is no
easy way, for example, to "read" hashed passwords other than to hash them
until the results match). However, hash functions are generally written
such that no two inputs of similar length are likely to produce the same
result.
Encryption is defined that for some function
encrypt(msg, key)
there is a known function
decrypt(msg, key)
such that decrypt(encrypt(msg1, key1), key1 always returns msg1 (although
they often allow padding). There is no requirement that repeating the
encryption with the same key always returns the same result -- in fact, many
encryption functions pad the original message with a delimiter and then a
bunch of pseudorandom garbage which is stripped off at the end of the
decryption, so that the same message will be padded with different crap and
so the encrypted message is different. This is generally used to both hide
the length of the message.
Note that for hash functions, there is typically a many-to-one relationship
from input to output, while there is often a one-to-many relationship from
input to output for encryption. I always thought that was neat for some
reason.
Anyway, now that I've finished my lecture on one of my pet subjects, we can
all return to our regularly scheduled CF.
--Ben Doom
Programmer & General Lackey
Moonbow Software
: -----Original Message-----
: From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED]]
: Sent: Wednesday, November 20, 2002 5:29 PM
: To: CF-Talk
: Subject: RE: Encryption gurus please read
:
:
: Matthew Small wrote:
: > Hashing is not always a "theoretically unique" value. I know of hashes
: > that will produce the same hash value from different input values, but
: > those are not typically used in encryption/decryption algorithms, where
: > recovery of the original form is an issue. I've seen them in storage
: > algorithms when I was a student.
:
: Oops, right. Generic hashing is simply producing one value from another.
: The hash value should be consistent, but I don't know that it's a
: requirement in order to be termed as a hashing algorithm.
:
: As you mentioned though, the 1-way hashs are the ones that are used for
: security/authentication/etc.
:
: > In the end, I am not an encryption expert but I play one on TV. :-) I
: > was offering the reason I thought it most likely that the encryption
: > algorithm offers up multiple versions of encrypted text from the same
: > data.
:
: Yeah, I play one on the other similarly themed show 8^).
:
: --
: Mosh Teitelbaum
: evoch, LLC
: Tel: (301) 625-9191
: Fax: (301) 933-3651
: Email: [EMAIL PROTECTED]
: WWW: http://www.evoch.com/
:
:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
