On Mon, 14 Mar 2005, alok wrote:
> I doubt many people would actually use it if they know it can be easily broken..
> Like someone said on the list "hey everyone uses it, it must be secure" is the mental genre.
Most people, including a depressingly large number of programmers, would probably consider ROT-13 secure. Right up until the point their credit card numbers got stolen.
Personally, I'd like to see OpenSSL start using private key crypto as hashing functions. The reason that work on dedicated hashing algorithms kinda died off after MD[45]/SHA* came out was that people figured out that they were the equivalent of private key encryption.
IIRC, you can turn any private key crypto system into a hashing algorithm. Given an encryption function c = f(k, p) where c is the resulting ciphertext, k is the private key, and p is the plaintext, you can use it as a hash function s' = h(t, s) where s' is the new hash state, s is the previous hash state, and t is the text to hash, by just going h(t, s) = f(t, s). Note that the text being hashed becomes the key for the encryption function, not the plaintext! This assumes no weak keys for the cipher, obviously. Breaking the hashing function is then equivalent to launching a known-plaintext attack on the cipher.
You can also use any hashing function to make a private key encryption algorithm. Even if the hashing function isn't invertible itself, you can use it as a (very expensive) s-box in a 1-round Feistel network. Note that the key is the two text blocks being hashed: the previous state is the plaintext and the next state is the ciphertext.
Brian
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                          [email protected]
Automated List Manager                             [EMAIL PROTECTED]
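Both constructions from Brian's message, written up as an added example (not code from this thread or from OpenSSL): SHA-256 from Python's hashlib serves as the Feistel round function, with a round count parameter so the one-round case shows the right half of the plaintext passing through unchanged, and the resulting cipher is then keyed by each message block to hash a message. One addition beyond the post: the hash step XORs the previous state back in (the Davies-Meyer feed-forward), because without it anyone holding the message block can decrypt the new state back to the old one. The 32-byte block size, the all-zero IV and the padding are assumptions of this example.

```python
import hashlib

BLOCK = 32          # constructed block size: two 16-byte Feistel halves
HALF = BLOCK // 2

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_function(key: bytes, half: bytes, rnd: int) -> bytes:
    # The hash as a "very expensive s-box": key, round index and half go in,
    # a 16-byte value comes out. Not invertible, and it need not be.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def feistel_encrypt(key: bytes, block: bytes, rounds: int = 1) -> bytes:
    # (L, R) -> (R, L xor F(key, R)) per round. With rounds=1 the right half
    # of the plaintext is emitted in the clear as the new left half.
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(rounds):
        left, right = right, xor(left, round_function(key, right, rnd))
    return left + right

def feistel_decrypt(key: bytes, block: bytes, rounds: int = 1) -> bytes:
    # Same round function run backwards; the s-box is never inverted.
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(rounds)):
        left, right = xor(right, round_function(key, left, rnd)), left
    return left + right

def cipher_hash(message: bytes, rounds: int = 4) -> bytes:
    # Post's construction: each message block is the cipher KEY and the
    # running state is the plaintext. Merkle-Damgard style padding (0x80,
    # zeros, 8-byte big-endian length) is an assumption of this example.
    padded = (message + b"\x80"
              + bytes((-len(message) - 9) % BLOCK)
              + len(message).to_bytes(8, "big"))
    state = bytes(BLOCK)                      # constructed all-zero IV
    for i in range(0, len(padded), BLOCK):
        block = padded[i:i + BLOCK]
        # Feed-forward added here: state' = E_block(state) xor state
        state = xor(feistel_encrypt(block, state, rounds), state)
    return state
```

The one-round leak is the reason real Feistel designs run many rounds; the test below checks round-trip decryption, the leak, and that the hash is deterministic and input-sensitive.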
