On Sep 4, 2013, at 10:45 AM, Faré <fah...@gmail.com> wrote:
>>> Can't you trivially transform a hash into a PRNG, a PRNG into a
>>> cypher, and vice versa?
>> No.
>> Let H(X) = SHA-512(X) || SHA-512(X)
>> where '||' is concatenation.  Assuming SHA-512 is a cryptographically secure 
>> hash H trivially is as well.  (Nothing in the definition of a cryptographic 
>> hash function says anything about minimality.)  But H(X) is clearly not 
>> useful for producing a PRNG.
> Just because it's trivial to produce bogus crypto doesn't mean it's
> non-trivial to produce good crypto, given a few universal recipes.
Look, if you want to play around a produce things that look secure to you and a 
few of your buddies - feel free to go ahead.  If your system is only used by 
you and a few friends, it's unlikely anyone with the appropriate skills will 
ever care enough to attack your system, and you'll be "secure".  As always, 
"security" is mainly an *economic* question, not a purely technical one.

But if you want to play in the crypto game as it's actually played today - if 
you want something that will survive even if you use it to protect information 
that has significant value to someone willing to make the investment to get it 
from you - well, you're going to have to up your game.  You're playing at 
1980's levels.  The world has moved on - your opponents won't feel constrained 
to do the same.

                                                        -- Jerry

The cryptography mailing list

Reply via email to