> Somewhat related to that, are there any block cipher->hash function methods > that are actually secure? Every one I've ever read about seems to have been > broken.
One standard method is to use Davies-Meyer mode with a block cipher that has a very strong key schedule and has a sufficiently large block size (at least 128 bits). I'm not sure I'd recommend doing this with AES, as I'm not sure how well studied AES's key schedule is. Personally, if I had a choice, I'd prefer hash functions like SHA1, but if that's not an option, Davies-Meyer might be a reasonable alternative. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]