JP Vossen on 22 May 2009 15:28:20 -0700
> Date: Thu, 21 May 2009 12:26:26 -0400
> From: "K.S. Bhaskar" <bhaskar@worldvista.org>
>
> Cryptographic hashes (e.g., SHA-2) are a standard way to validate
> encryption keys, but they don't validate the encryption algorithm /
> variant (e.g., AES 256 CFB). If a program needs to ensure that a
> certain key is not only the correct key, but also the correct key to
> the algorithm it intends to use, it could, in theory, append the
> algorithm to the key and hash both. So, if the key is "A Li1ttle Lamb
> wa5 owned by mARY", instead of hashing only the key, one could hash "A
> Li1ttle Lamb wa5 owned by mARYAES256CFB".
>
> One point of view says that this should not compromise the security of
> the hash because appending a known (to an attacker) string to an
> unknown key doesn't reduce the randomness in the key. The counter
> argument is that if the information being hashed has a higher
> percentage of known bits to unknown bits, the resulting hash is more
> easily broken.
>
> Can anyone say definitively or point me to an appropriate reference?
>
> Thank you very much, in advance.

----- cut here -----
-----Original Message-----
From: Bruce Schneier
Sent: Thursday, May 21, 2009 05:06 PM
To: JP Vossen
Subject: Re: Does appending known information to a key compromise its hash?

If this usage compromises the hash function, then it's a REALLY sucky
hash function.

-----Original Message-----
From: Bruce Schneier
Sent: Friday, May 22, 2009 08:40 AM
To: JP Vossen
Subject: RE: Does appending known information to a key compromise its hash?

At 07:20 AM 5/22/2009, JP wrote:
> Can I reply back to the posting and quote you?

Sure.
----- cut here -----

How's that for definitive? :-)

JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
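
The check described in the quoted question, as an added example (not code from this thread or from anyone quoted in it): hash the key with the algorithm label appended, then verify a key/algorithm pair against the stored value. It goes one step beyond the post by also showing a length-prefixed variant, since plain appending hashes only the joined bytes and not where the key ends; the function names, the 4-byte prefix and the altered inputs are assumptions of this example.

```python
import hashlib
import hmac

KEY = b"A Li1ttle Lamb wa5 owned by mARY"  # key string quoted in the post
ALG = b"AES256CFB"                          # algorithm label from the post

def appended_check(key: bytes, alg: bytes) -> bytes:
    """Scheme from the post: SHA-256 over the key with the label appended."""
    return hashlib.sha256(key + alg).digest()

def framed_check(key: bytes, alg: bytes) -> bytes:
    """Hypothetical variant: length-prefix each field so the key/label
    boundary is itself part of the hashed input."""
    h = hashlib.sha256()
    for field in (key, alg):
        h.update(len(field).to_bytes(4, "big"))  # 4-byte prefix: assumption
        h.update(field)
    return h.digest()

def verify(check, key: bytes, alg: bytes, stored: bytes) -> bool:
    """Recompute the check value and compare in constant time."""
    return hmac.compare_digest(check(key, alg), stored)

def demo() -> dict:
    stored_appended = appended_check(KEY, ALG)
    stored_framed = framed_check(KEY, ALG)
    wrong_key = KEY[:-1] + b"y"          # constructed: last byte changed
    shifted = (KEY + b"AES", b"256CFB")  # constructed: same bytes, boundary moved
    return {
        "key+alg match": verify(appended_check, KEY, ALG, stored_appended),
        "wrong alg": verify(appended_check, KEY, b"AES256CBC", stored_appended),
        "wrong key": verify(appended_check, wrong_key, ALG, stored_appended),
        "shifted boundary, appended": verify(appended_check, *shifted, stored_appended),
        "shifted boundary, framed": verify(framed_check, *shifted, stored_framed),
        "framed match": verify(framed_check, KEY, ALG, stored_framed),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:28} accepted={accepted}")
```

The appended form accepts the shifted pair because both inputs concatenate to the same byte string; the framed form rejects it.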