Re: keys and counters
- From: David Eather <eather@xxxxxxxxxx>
- Date: Wed, 17 Sep 2008 23:34:54 +1000
Antony Clements wrote:
"Stefan Pinzel" <stefan.pinzel@xxxxxxxxxxxxxxxxxxx>
No, since SHA256 is limited to 256 bits.
sha256 has 256 bit output, just like sha512 is a 512 bit output.
but that was not the question.
I think that was the question. From what you say below I think you did not phrase it very well.
if you have a string "hello world!" and append a counter and then hash it, how many times can the counter be incremented before there is a collision in the hash, that is what i am asking. it has nothing to do with the size of the hash output.
as Mr Rose pointed out that if the counter is transmitted in the clear, then the attacker can guess the key and recreate the hash, while it's possible, it's not exactly in the realms of feasible, neither your answer nor his answers the two fundamental questions being asked.
question 1) if there is a counter of unlimited size that is incremented every time the key function is run, would each >unique< hash result constitute an OTP
No. An OTP has very specific requirements that might be summarised as each bit being totally unpredictable regardless of how many bits you know that were generated before or after the one you are guessing. A hash function operated in such a counter mode as you suggest does not have this property - if I can guess or discover the input to the first block then I will know all the other blocks.
You might think that some attacks are unreasonable/infeasible but do you really know what is possible to the world's largest employer of mathematicians, who have had for many years the world's largest computer budget and unlimited access to 60 plus years of classified research or what is possible for any of the other multi-billion dollar "smaller" big brothers?
If you receive a valid answer that is not what you wanted, whose fault is that? More accurate questions and, if needed, follow-up questions would be appropriate. Serious crypto has a serious standard because of the type of attacks and types of opponents possible. Recreational cryptography is different and if that is what you want you could join the ACA.
As a general guide, a collision is expected after approximately the square root of all possible outputs has been generated. In the sha256 case, after about 2**128 iterations you would expect a collision. After that collisions come much faster.
question 2) how many times can the counter be incremented before there is a collision in the sha256 output. ie producing the same output twice.
Also, 2**128 also represents the brute force approach - there may be algorithmic techniques that will get you there much sooner. An example of this happening is the 128 bit hash function MD4. At first MD4 was thought secure, even if it wasn't very conservative. Collisions which should have taken 2**64 computations can now, in some cases, be done in ten minutes with a pen and pencil.
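The square-root estimate discussed in this message can be checked empirically on a shortened hash. The following is an added example, not code from the thread: it hashes the question's "hello world!" string plus a counter, keeps only the top bits of SHA-256 so that collisions are reachable, and compares the count until the first repeat with the standard birthday approximation sqrt(pi/2 * 2^bits). The decimal counter encoding, the truncation and all function names are assumptions made for the illustration.

```python
import hashlib
import math

MESSAGE = b"hello world!"  # the string from the question


def truncated_hash(counter: int, bits: int) -> int:
    """SHA-256 of MESSAGE || counter, keeping only the top `bits` bits.

    Assumption: the counter is appended as decimal ASCII text.
    """
    digest = hashlib.sha256(MESSAGE + str(counter).encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def first_collision(bits: int, start: int = 0) -> int:
    """How many counter values are hashed before an output repeats."""
    seen = set()
    counter = start
    while True:
        h = truncated_hash(counter, bits)
        if h in seen:
            return counter - start + 1
        seen.add(h)
        counter += 1


def mean_first_collision(bits: int, trials: int = 100) -> float:
    """Average over trials that use disjoint counter ranges."""
    # By pigeonhole a run ends within 2**bits + 1 values, so this stride
    # guarantees the ranges never overlap.
    stride = 2**bits + 1
    total = sum(first_collision(bits, t * stride) for t in range(trials))
    return total / trials


def birthday_estimate(bits: int) -> float:
    """Approximate expected draws until the first repeat among 2**bits outputs."""
    return math.sqrt(math.pi / 2 * 2**bits)


if __name__ == "__main__":
    for bits in (12, 16, 20):
        print(bits, mean_first_collision(bits), round(birthday_estimate(bits), 1))
    # Full SHA-256: about 2**128.3 hashes for a generic (brute-force) collision.
    print("log2 for 256 bits:", round(math.log2(birthday_estimate(256)), 1))
```

The measured averages track the estimate at small widths, and the same formula at 256 bits gives the roughly 2**128 figure quoted above; it says nothing about shortcuts of the MD4 kind.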