On Sep 4, 2013, at 10:45 AM, Faré <fah...@gmail.com> wrote:

>>> Can't you trivially transform a hash into a PRNG, a PRNG into a
>>> cypher, and vice versa?
>>
>> No.
>>
>> Let H(X) = SHA-512(X) || SHA-512(X)
>> where '||' is concatenation. Assuming SHA-512 is a cryptographically secure
>> hash, H trivially is as well. (Nothing in the definition of a cryptographic
>> hash function says anything about minimality.) But H(X) is clearly not
>> useful for producing a PRNG.
>>
> Just because it's trivial to produce bogus crypto doesn't mean it's
> non-trivial to produce good crypto, given a few universal recipes.

Look, if you want to play around and produce things that look secure to you and a few of your buddies - feel free to go ahead. If your system is only used by you and a few friends, it's unlikely anyone with the appropriate skills will ever care enough to attack your system, and you'll be "secure". As always, "security" is mainly an *economic* question, not a purely technical one.

But if you want to play in the crypto game as it's actually played today - if you want something that will survive even if you use it to protect information that has significant value to someone willing to make the investment to get it from you - well, you're going to have to up your game. You're playing at 1980s levels. The world has moved on - your opponents won't feel constrained to do the same.

-- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
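The H(X) = SHA-512(X) || SHA-512(X) counterexample from the thread, worked through as an added illustration (not code from the original posts). It assumes a hypothetical "universal recipe" of the kind being argued about: a counter-mode PRNG that outputs hash(seed || counter), and shows that the recipe is only as good as the hash's *output* behaviour, which the standard hash-security definitions say nothing about.

```python
import hashlib
import os


def sha512(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()


def doubled_hash(data: bytes) -> bytes:
    """H(X) = SHA-512(X) || SHA-512(X) from the thread. Any collision or
    preimage for H is one for SHA-512, so H inherits those properties,
    yet the second half of every output is a copy of the first half."""
    d = sha512(data)
    return d + d


def counter_mode_prng(hash_fn, seed: bytes, nblocks: int) -> bytes:
    """Constructed 'turn a hash into a PRNG' recipe (assumption, for
    illustration): emit hash_fn(seed || counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    for i in range(nblocks):
        out += hash_fn(seed + i.to_bytes(8, "big"))
    return bytes(out)


def halves_repeat(stream: bytes, block_len: int) -> bool:
    """Distinguisher: is every block made of two identical halves?
    For uniformly random bytes this holds with probability 2^-(4*block_len)
    per block, so a True answer rules out 'indistinguishable from random'."""
    half = block_len // 2
    blocks = [stream[i:i + block_len] for i in range(0, len(stream), block_len)]
    return all(b[:half] == b[half:] for b in blocks)


def distinguishable(hash_fn, seed: bytes, nblocks: int = 16) -> bool:
    """Run the counter-mode recipe on hash_fn and apply the distinguisher."""
    digest_len = len(hash_fn(b""))
    stream = counter_mode_prng(hash_fn, seed, nblocks)
    return halves_repeat(stream, digest_len)


if __name__ == "__main__":
    seed = os.urandom(32)
    print("SHA-512 counter-mode stream distinguishable:", distinguishable(sha512, seed))
    print("H = SHA-512||SHA-512 stream distinguishable:", distinguishable(doubled_hash, seed))
```

The same recipe applied to plain SHA-512 passes this particular check and to H fails it, which is the whole point: "secure hash" is a statement about collisions and preimages, not about the output looking random.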