Re: New hash contest by NIST, similair to AES competition

According to Alan <alan@xxxxxxxxxx>:
Symmetric block ciphers can be used in various ways to produce a
message digest:

Technically, Whirlpool is a block cipher (named "W"), derived from
Rijndael, used in such a way. And so are other hash functions. The block
cipher associated with SHA-1 is called SHACAL.

The troubles with this approach are:

-- The hash output size is equal to the block size; the standard AES has
a 128-bit block size, which is fine for a block cipher but too small,
by modern standards, for a hash function.

-- The data is fed to the block cipher as the key. Key schedule is often
quite slow in block cipher designs.

-- The characteristics needed for a proper hash function are unusual
for a block cipher. Namely, collision attacks for the hash function
are related key attacks on the block cipher. Related keys are seldom
studied, not much is known about them, and they are of little
significance to a block cipher when used for encryption. Related keys
were not a selection criterion for the processus which selected Rijndael
as being the AES.

Hence further research is needed.


--Thomas Pornin
.

Relevant Pages

  • Re: Hash functions and streaming
    ... or use a well known block cipher ... The security of hash functions consists of preventing attackers from being ... "Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten ...
    (comp.security.misc)
  • Re: Size of a new hash standard
    ... Hash: SHA1 ... > and secure message digest. ... > the digest is secure if the cipher is secure. ... strength of further block cipher does not prevent collisions. ...
    (sci.crypt)
  • Re: One-to-one Hash functions
    ... none of today's popular hash functions is designed to ... the output blocks, where B is ... form a permutation of the ... any common block cipher like DES or Rijndael. ...
    (sci.crypt)
  • Re: block cypher from a hash function?
    ... Use the hash to generate a pseudo-random number string, ... You don't need to reverse the algorithm. ... Bruce also documents another block cipher that's constructed ...
    (sci.crypt)
  • Re: creating a key from a password
    ... As a rule, if you are new to cryptography, you should be very cautious ... So what you need is a hash function. ... you may use an encryption function as some sort of substitute. ... -- This usage of a block cipher is not likely to have been as thoroughly ...
    (sci.crypt)