Re: [cryptography] Weak random data XOR good enough random data = better random data?
Isn't the simplest solution to concatenate or XOR a counter? Thus

H[0] = Hash(input)
H[N] = Hash(H[N-1] + CTR)

Considering that hashes from MD4 to SHA-2 all have block sizes of 512 bits, much larger than their outputs, one could simply concatenate a 128-bit counter.

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Weak random data XOR good enough random data = better random data?
On Mon, Jul 28, 2014 at 9:23 AM, Lodewijk andré de la porte wrote:

> If I XOR probably random data with good enough random data, does that
> result in at least good enough random data?

Yes, in fact, it's provably at *least* as random as the most random of the two data sources: https://en.wikipedia.org/wiki/Product_cipher

--
Tony Arcieri
Re: [cryptography] Weak random data XOR good enough random data = better random data?
From: Lodewijk andré de la porte
Subject: Re: [cryptography] Weak random data XOR good enough random data = better random data?

> Come to think of it, is there or why isn't there a block-cipher mode that chains using a hashing algorithm?

The main reason would be difficulty in proving security.

Spacing on the term right now, but I'll call it a cycle. Every hash function has cycles, so to define it:

H[0] = Hash(input)
H[N] = Hash(H[N-1])

The problem is that H[i] == H[j] where i =/= j. Every input for every hash has cycles, and current hashes have large numbers of them. CTR mode relies on the cycle length being 2^block_size. CBC relies on the cycle length being very long. Proving the minimum cycle length in a hash is not something that I am aware of ever having been done, making it effectively impossible to prove security.

So while using a hash function in the block chaining sounds like a good idea, because we have proofs of security for CTR and CBC that say they are no weaker than the cipher, the hash mode would have to actually prove that it is stronger than the underlying cipher for the extra computation to be worth it. I can't say that it is impossible to do, just that it hasn't been done, and I don't expect it to be done.

Joe
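To make the cycle concern above and the counter suggestion from the first message concrete, here is an added example (constructed for this thread, not code from the list or any library). It iterates a toy 16-bit hash (SHA-256 truncated) so that H[N] = Hash(H[N-1]) visibly falls into a cycle, while H[N] = Hash(H[N-1] || CTR) cannot, because the counter makes every hash input distinct; seed bytes, the 16-bit truncation and the 128-bit counter width are assumptions of the example.

```python
import hashlib

# Constructed example for the thread above (not code from the list).
# The "hash" is SHA-256 truncated to 16 bits so that cycles show up within
# seconds; with a full-width hash the same effects only appear near 2^128 steps.
STATE_BYTES = 2

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:STATE_BYTES]

def plain_chain(seed: bytes, n: int) -> list:
    """H[0] = Hash(seed), H[N] = Hash(H[N-1]): the construction Joe describes."""
    out, x = [], h(seed)
    for _ in range(n):
        out.append(x)
        x = h(x)
    return out

def counter_chain(seed: bytes, n: int) -> list:
    """H[0] = Hash(seed), H[N] = Hash(H[N-1] || CTR), with a 128-bit counter."""
    out, x = [], h(seed)
    for ctr in range(1, n + 1):
        out.append(x)
        x = h(x + ctr.to_bytes(16, "big"))
    return out

def find_cycle(seq: list, confirm: int = 3):
    """Return (tail, period) of the first genuine cycle in seq, else None.

    A repeated value on its own is only a collision; it is a cycle when the
    sequence continues identically after both occurrences (checked over
    `confirm` further steps, which rules out chance output collisions).
    """
    seen = {}
    for i, x in enumerate(seq):
        j = seen.setdefault(x, i)
        if j != i and i + confirm < len(seq) \
                and seq[i + 1:i + 1 + confirm] == seq[j + 1:j + 1 + confirm]:
            return j, i - j
    return None

N = 2 ** (8 * STATE_BYTES) + 4   # pigeonhole: a 16-bit state must repeat by now

if __name__ == "__main__":
    print("plain chain cycle (tail, period):", find_cycle(plain_chain(b"seed", N)))
    print("counter chain cycle:", find_cycle(counter_chain(b"seed", N)))
```

The counter variant still produces colliding outputs (birthday bound), but the generator state (H, CTR) never revisits itself, so the short-cycle failure mode disappears; it does not, by itself, supply the security proof Joe asks for.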
[cryptography] "Godfather of Anonymity" David Chaum on BBC
"Horizon: The defenders of anonymity on the internet"
http://www.bbc.com/news/technology-29032399