At 03:06 PM 9/3/2013, Jerry Leichter wrote:
On Sep 3, 2013, at 3:16 PM, Faré <fah...@gmail.com> wrote:
> Can't you trivially transform a hash into a PRNG, a PRNG into a
> cypher, and vice versa?
No.
[...]
I don't actually know if there exists a construction of a PRNG from a cryptographically secure hash function. (You can build a MAC, but even that's not trivial; people tried all kinds of things that failed until the HMAC construction was proven correct.)

PRNG is not necessarily a cryptographically strong term. But isn't counter-mode hash likely to be ok?
        counter = seed;
        while (counter++) output(hash(counter));
                // or, as somebody said, output(hash(seed || counter || seed));
                // and you probably need to pad it to be long enough for the hash to be happy.
Obviously if somebody discovers the seed the whole thing is toast.

And you can turn the PRNG into a stream cypher by doing plaintext[x] xor PRNG[x], with the usual limitations.

None of that has any bearing on ITAR, of course.



_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
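The construction sketched in the message above (output(hash(seed || counter || seed)) as a keystream, then plaintext[x] XOR PRNG[x] as a stream cipher), written out as a runnable added example. This code is not from the thread or from any of its participants; it assumes SHA-256 as the hash, a fixed-width 8-byte counter (an assumption made so that seed || counter || seed parses unambiguously), and constructed test messages. The last function shows the "usual limitation" the message alludes to: reusing the same seed for two messages cancels the keystream and leaks plaintext[1] XOR plaintext[2].

```python
"""Added example: counter-mode hash keystream, XOR stream cipher, and the
keystream-reuse failure mode. Not from the original mailing-list thread."""
import hashlib
import struct


def hash_ctr_keystream(seed: bytes, nbytes: int, start: int = 0) -> bytes:
    """Keystream block i = SHA-256(seed || counter_i || seed), concatenated.

    Assumption for this example: the counter is encoded as a fixed-width
    8-byte big-endian integer. A variable-width counter would let two
    different (seed, counter) pairs produce the same hash input, which the
    sketch in the message does not address. The seed is the only secret;
    anyone who learns it can regenerate the whole keystream.
    """
    out = bytearray()
    counter = start
    while len(out) < nbytes:
        out += hashlib.sha256(seed + struct.pack(">Q", counter) + seed).digest()
        counter += 1
    return bytes(out[:nbytes])


def xor_stream(seed: bytes, data: bytes) -> bytes:
    """plaintext[x] XOR PRNG[x]. The same call decrypts, since XOR is its own inverse."""
    keystream = hash_ctr_keystream(seed, len(data))
    return bytes(d ^ k for d, k in zip(data, keystream))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts made with the same seed: c1 XOR c2 == p1 XOR p2.

    The keystream cancels out, so an attacker who knows or guesses part of
    one plaintext reads the corresponding bytes of the other directly.
    """
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # Constructed test inputs; not real traffic.
    seed = b"constructed-example-seed"
    p1 = b"attack at dawn"
    p2 = b"retreat at dusk"

    c1 = xor_stream(seed, p1)
    assert xor_stream(seed, c1) == p1            # round trip

    c2 = xor_stream(seed, p2)                    # same seed reused: the mistake
    leak = keystream_reuse_leak(c1, c2)
    assert leak == bytes(a ^ b for a, b in zip(p1, p2))
    print("keystream reuse leaks p1 XOR p2:", leak.hex())
```

The keystream itself is fine as a deterministic PRNG in the sense of the message: it is reproducible from the seed and the counter position, and hash_ctr_keystream(seed, 64)[:32] equals hash_ctr_keystream(seed, 32). What makes it usable as a cipher or not is entirely key management: a fresh seed (or a seed plus a never-repeated nonce folded into the hash input) per message, or the reuse shown above turns it into a two-time pad.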