applied cryptography - protocols, algorithms, and source code in c

If h is one way but not collision free mallory can

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth) Go! Keyword Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book: Go! Previous Table of Contents Next ----------- Other Schemes Ralph Merkle proposed a scheme using DES, but it’s slow; it only processes seven message bits per iteration and each iteration involves two DES encryptions [1065, 1069]. Another scheme [1642, 1645] is insecure [1267]; it was once proposed as an ISO standard. 18.12 Using Public-Key Algorithms It is possible to use a public-key encryption algorithm in a block chaining mode as a one-way hash function. If you then throw away the private key, breaking the hash would be as difficult as reading the message without the private key. Here’s an example using RSA. If M is the message to be hashed, n is the product of two primes p and q, and e is another large number relatively prime to (p - 1)(q - 1), then the hash function, H(M ), would be H(M ) = Me mod n An even easier solution would be to use a single strong prime as the modulus p. Then: H(M ) = Me mod p Breaking this problem is probably as difficult as finding the discrete logarithm of e. The problem with this algorithm is that it’s far slower than any others discussed here. I don’t recommend it for that reason. 18.13 Choosing a One-Way Hash Function The contenders seem to be SHA, MD5, and constructions based on block ciphers; the others really haven’t been studied enough to be in the running. I vote for SHA. It has a longer hash va...
View Full Document

Ask a homework question - tutors are online