On 10/30/05, Arash Partow <[EMAIL PROTECTED]> wrote: > How does one properly use a symmetric cipher as a cryptographic hash > function? I seem to be going around in circles.
The usual method is to feed the data into the "key" slot of the cipher, and to use a fixed IV in the "plaintext" slot. Then, add the IV to the output ciphertext. If the data is too big, break it up into pieces and chain these constructions together. The output of one block becomes the input "IV" of the next block. To prevent length extension attacks, pad with an unambiguous final suffix that includes the message length. This is basically the Merkle/Damgard construction. CP --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]