Re: a makeshift hash solution

From: Tom St Denis (tomstdenis_at_gmail.com)
Date: 01/05/05


Date: Tue, 04 Jan 2005 23:21:27 -0500

Tom Foolery wrote:
> Tom St Denis wrote:
>
>>Tom Foolery wrote:
>>
>>>what is this PK stuff?
>>
>>Public key.
>
>
> I figured as much. But how would I use a public key system to protect
> my keys? Unless you mean I should just forego my cipher and use public
> key system.

Um, the idea would be to forgo the "key library".

>>I still want to know what you mean by "keys in library".
>
>
> The way I'm storing keys right now is I put the number of keys, then I
> put the hash of the key, then I put the key. For example:
>
> 002
> 38c0971ba9079de3
> 11112222333344445555666677778888
> 1b9df47ac037be42
> 49ebc91de9304acbe18df39bd3
>
> Then the program reads them into a list when the user tells it to.
> Then when you decode a file with the correct formatting, it'll parse
> the hash that's in the file and compare to the hashes in the list. If
> it isn't there it'll say you don't have the key. Of course, you can
> force a decipher with any key you want if you think the program is
> mistaken...

Why do you have multiple keys then? [I'm trying to understand the
problem you are trying to solve].

>>A MAC [message authentication code] is not a hash. Why not find out
>>what they both are and compare for differences?
>>
>
>
> Oh, you're just being picky now. So a MAC is keyed and a hash is
> unkeyed. In that case, I've been using a MAC all along. The way my
> function works is I use the given key to encipher a block of nulls,
> then I use that ciphertext as the key on another, shorter block of
> nulls. That's my 'hash' function.

Except that's not a hash or MAC. A hash is an unkeyed one-way
transformation of a message [with certain desirable cryptographic
properties]. A MAC is like a hash except that only the key holder can
produce/verify the output [and forging takes 2^k time not 2^(k/2) time].

You would MAC the ciphertext [either in blocks or as a whole] and an
invalid MAC would arise from either tampered ciphertext or an invalid
input key. I usually just say "invalid mac" and document that it could
be from an invalid password. That way you don't have to give the
attacker additional information about the key.

Tom
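
The approach described in the message above (MAC the whole ciphertext, report one "invalid mac" error for both a wrong password and tampering), as an added example that is not part of the original post. HMAC-SHA256, PBKDF2, the blob layout and all function names are assumptions chosen for illustration; the ciphertext is treated as opaque bytes from whatever cipher is in use.

```python
import hashlib
import hmac

SALT_LEN, TAG_LEN = 16, 32      # salt size; HMAC-SHA256 tag size
ROUNDS = 200_000                # constructed PBKDF2 work factor


class InvalidMac(Exception):
    """Single failure type: wrong password and tampering look the same."""


def derive_keys(password, salt):
    # One password, two independent keys: cipher key and MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS, dklen=64)
    return okm[:32], okm[32:]


def seal(mac_key, salt, ciphertext):
    # MAC covers the salt and the whole ciphertext; layout: salt | ct | tag.
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def open_sealed(password, blob):
    # Verify before any decryption; return the cipher key and ciphertext.
    if len(blob) < SALT_LEN + TAG_LEN:
        raise InvalidMac("invalid mac")
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        raise InvalidMac("invalid mac")
    return enc_key, ct


if __name__ == "__main__":
    salt = bytes(range(SALT_LEN))   # constructed; use os.urandom() in practice
    enc_key, mac_key = derive_keys("correct horse", salt)
    blob = seal(mac_key, salt, b"opaque ciphertext (constructed sample)")
    print(open_sealed("correct horse", blob)[1])
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    for password, data in (("wrong horse", blob), ("correct horse", tampered)):
        try:
            open_sealed(password, data)
        except InvalidMac as exc:
            print("rejected:", exc)
```

No stored list of key hashes is needed with this layout: the password either verifies the tag or it does not, and the file reveals nothing that distinguishes the two failure causes.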


