> The comments in the Linux kernel claim that SHA does not leak
> information. Are you saying that it does, or that it could? The two
> are not the same thing at all. A block cypher could leak information
> (i.e. be flawed), in theory.
The original version of Yarrow did use a hash function rather than an encryption function. However the authors were criticized for this since hash functions are not specifically designed to be strong in the manner required.

In practice, hash functions are probably OK. No one knows how to find any structure in X_new = F(K_secret, counter) when F is a good hash function like SHA-1, any more than when it is an encryption function. (Technically, the encryption is a random permutation rather than a random function, which is slightly better, but by itself this is not a major advantage.) However a robust encryption function has had its vulnerability to this kind of attack thoroughly examined, while SHA-1 being used in this form hasn't been looked at so closely.

However as I wrote earlier, there is no reason to shy away from encryption functionality in Freenet, at least not because of US policies. The days of restrictions on encryption technology are slipping away. We should look forward to a world where encryption is widely used. Freenet absolutely needs encryption if it is to fulfill its goal of protecting the privacy of its users.

Hal
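Added example, not part of the original message and not Yarrow's or Freenet's code: a sketch of the counter-mode generator X_new = F(K_secret, counter) with F = SHA-1, plus a toy 16-bit comparison of the "random function" and "random permutation" cases mentioned above. The key, the key || counter encoding, the 16-bit truncation and the 4-round Feistel permutation are all assumptions chosen so the whole output space can be enumerated.

```python
import hashlib

KEY = b"constructed-demo-key"   # constructed sample secret (assumption)
BITS = 16                       # toy block size so every counter can be tried

def f_hash(key: bytes, counter: int) -> bytes:
    """X_new = F(K_secret, counter) with F = SHA-1 over key || 8-byte counter."""
    return hashlib.sha1(key + counter.to_bytes(8, "big")).digest()

def f_hash_trunc(key: bytes, counter: int) -> int:
    """Same F cut down to 16 bits: behaves like a random *function*."""
    return int.from_bytes(f_hash(key, counter)[:2], "big")

def _round(key: bytes, rnd: int, half: int) -> int:
    """8-bit keyed round function for the toy Feistel network."""
    return hashlib.sha1(key + bytes([rnd, half])).digest()[0]

def f_perm(key: bytes, counter: int) -> int:
    """Toy 16-bit block cipher (4-round Feistel): a keyed *permutation*.
    A Feistel network is invertible whatever the round function is,
    so distinct counters always give distinct outputs."""
    left, right = counter >> 8, counter & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 8) | right

def distinct_outputs(f, key: bytes) -> int:
    """Run the counter over the full 16-bit domain and count distinct outputs."""
    return len({f(key, c) for c in range(1 << BITS)})

if __name__ == "__main__":
    print("first blocks:", [f_hash(KEY, c).hex()[:16] for c in range(3)])
    print("function    :", distinct_outputs(f_hash_trunc, KEY), "distinct of", 1 << BITS)
    print("permutation :", distinct_outputs(f_perm, KEY), "distinct of", 1 << BITS)
```

The truncated hash repeats outputs (about 63% of the space is hit), while the permutation never does; at real block and digest sizes the counter would have to run for an impractically long time before the difference shows.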