Re: How good are Davies-Meyer type hash functions made from block ciphers like AES?



So to continue above, my pseudocode is now:

byte digest[16] = { 0,0,... }
byte block[16] = { 0,0,... }
byte previous_digest[16]
integer block_counter = 0

; digest message
for each byte b of message
    block[block_counter] = block[block_counter] xor b
    block_counter = block_counter + 1
    if block_counter == 16 then
        block_counter = 0
        save digest[] in previous_digest[]
        encrypt digest[] with aes-128 using block[] as 128-bit aes-128 key
        xor digest[] with previous_digest[]
    end if
next

; do final block if there is remaining undigested data
if block_counter != 0
    save digest[] in previous_digest[]
    encrypt digest[] with aes-128 using block[] as 128-bit aes-128 key
    xor digest[] with previous_digest[]
end if

; Merkle-Damgård length padding
fill first 8 bytes of block[] with { 0x80,0x00,0x00,0x00,...,0x00 }
fill last 8 bytes of block[] w/64-bit bytes hashed in little-endian order
save digest[] in previous_digest[]
encrypt digest[] with aes-128 using block[] as 128-bit aes-128 key
xor digest[] with previous_digest[]

; digest[] now contains message digest