On Sat, 4 Feb 2006, Travis H. wrote:
> Suppose that /dev/random is too slow (SHA-1 was never meant to
> generate a lot of output) because one of these machines wishes to
> generate a large file for use as a one-time pad*.  That leaves
> distributing bits.

* /dev/random's output is limited by available entropy, not the speed of sha1. You want /dev/urandom instead.

* You're talking about a stream cipher, not an OTP, especially since an attacker could see the "plaintext" over the network and would only need to break the cipher to get at the "pad".

* It's dangerous to offhandedly propose stream ciphers, especially when we have some tried and tested ones, and it doesn't really make sense to use them as if they were OTPs, since then you get the benefits of neither.

* Hash functions are comparably fast to ciphers anyway, and are plenty fast for the application you propose:

[EMAIL PROTECTED] ~$ openssl speed sha1
Doing sha1 for 3s on 16 size blocks: 1718543 sha1's in 2.99s
...
[EMAIL PROTECTED] ~$ dc
1718543 20 *p
34370860

So sha1 generates 34Mbyte/sec, which is enough to saturate a gigabit ethernet link in many installations.

                                                -J

---------------------------------------------------------------------
The Cryptography Mailing List