At 03:06 PM 9/3/2013, Jerry Leichter wrote:
On Sep 3, 2013, at 3:16 PM, Faré <> wrote:
> Can't you trivially transform a hash into a PRNG, a PRNG into a
> cypher, and vice versa?
I don't actually know if there exists a construction of a PRNG from a cryptographically secure hash function. (You can build a MAC, but even that's not trivial; people tried all kinds of things that failed until the HMAC construction was proven correct.)

PRNG is not necessarily a cryptographically strong term. But isn't counter-mode hash likely to be ok?
        Counter = seed;
        while (counter++) Output(Hash(counter));
                // or as somebody said Output(Hash(seed||counter||seed));
// and you probably need to pad it to be long enough for the hash to be happy.
Obviously if somebody discovers the seed the whole thing is toast.

And you can turn the PRNG into a stream cypher by doing plaintext[x] xor PRNG[x], with the usual limitations.

None of that has any bearing on ITAR, of course.

The cryptography mailing list

Reply via email to