Re: One real life secure random generator


bram (bram@gawth.com)
Sun, 12 Jul 1998 23:02:27 -0700 (PDT)


On Sun, 12 Jul 1998, Lewis McCarthy wrote:

> Bill Frantz wrote:
> >>> When we generate a random number, we compute enough MD5(entire pool || 8
> >>> byte sequence counter) to fill the requested size. The 8 byte
> >>> sequence counter is incremented for each new calculation.
>
> Bram writes:
> > Unfortunately that can result in hashing a large number of similar
> > bitstrings, making those available is an attack most hash functions aren't
> > really meant to withstand.
>
> Pardon? I assume we are discussing cryptographic hash functions whose
> designs are public. An attacker can certainly choose a large set of inputs,
> hash them all, and examine the resulting hash values. In what sense is this
> "an attack most hash functions aren't really meant to withstand"?

Hash functions are designed to make it difficult, given a hash, to find
something which hashes to that value. They are not designed to make it
difficult, given a whole slew of hashes of things which only vary by a
few bytes, to find the bytes in common. Xoring with a sequence counter only
changes the last few bytes. I don't know of any actual results breaking
hashes in this way, but it could expose problems which proper use of the
hashes wouldn't.

-Bram
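Editor's note, added to the archived thread and not part of either poster's message: the following Python is a worked model of the two points above. It builds the generator exactly as the quoted description states it (MD5 over the whole pool followed by an 8-byte counter, one hash per output block), measures how many bytes the hash inputs actually differ by across a run of outputs, and then shows one alternative construction, hashing the pool once into a key and deriving blocks with HMAC, whose security definition (a PRF against chosen-message queries) does cover an attacker who sees many outputs from related inputs. The pool contents, the big-endian counter encoding and the HMAC alternative are this example's assumptions; the page specifies none of them, and nothing here claims a concrete break of MD5 used this way.

```python
import hashlib
import hmac

# Constructed 64-byte stand-in for the accumulated entropy pool (example data
# only; a real pool holds collected entropy, not a byte ramp).
POOL = bytes(range(64))


def differing_bytes(a: bytes, b: bytes) -> int:
    """Number of byte positions at which two equal-length strings differ."""
    assert len(a) == len(b)
    return sum(x != y for x, y in zip(a, b))


def frantz_generate(pool: bytes, nbytes: int, counter: int = 0):
    """Output construction as described in the quoted text:
    MD5(pool || 8-byte counter), counter incremented per block, enough
    blocks concatenated to fill the requested size.

    Returns (output, next_counter, hash_inputs) so the caller can inspect
    exactly what was fed to the hash. Big-endian counter is an assumption."""
    out = b""
    inputs = []
    while len(out) < nbytes:
        data = pool + counter.to_bytes(8, "big")
        inputs.append(data)
        out += hashlib.md5(data).digest()  # MD5 as on the page, 16 bytes/block
        counter += 1
    return out[:nbytes], counter, inputs


def max_input_distance(inputs) -> int:
    """Largest number of bytes by which any hash input differs from the first.
    For up to 256 blocks starting at counter 0 this is 1: every input shares
    the whole pool and the first 7 counter bytes, only the last byte moves."""
    return max(differing_bytes(inputs[0], x) for x in inputs[1:])


def hmac_generate(pool: bytes, nbytes: int, counter: int = 0):
    """Alternative construction (this example's suggestion, not from the page):
    hash the pool once into a secret key, then derive each block as
    HMAC(key, counter). HMAC is analysed as a PRF whose adversary chooses the
    messages, so 'many outputs from inputs differing in a few bytes' is the
    setting its security notion is stated in, unlike preimage or collision
    resistance of a bare hash. SHA-256 is used here as a modern choice."""
    key = hashlib.sha256(pool).digest()
    out = b""
    while len(out) < nbytes:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes], counter


if __name__ == "__main__":
    out, ctr, inputs = frantz_generate(POOL, 4096)
    print(len(inputs), "MD5 inputs of", len(inputs[0]), "bytes each")
    print("bytes every input has in common:", len(POOL) + 7)
    print("max bytes differing between any two inputs:", max_input_distance(inputs))
    alt, _ = hmac_generate(POOL, 4096)
    print("HMAC-derived output length:", len(alt))
```

Run as a script, it reports that a 4 KB request produces 256 MD5 inputs of 72 bytes which agree on 71 of them. That is the "slew of hashes of things which only vary by a few bytes" being discussed; the script measures the structure, it does not demonstrate an attack on it.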




The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:19 ADT