Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Re: Extracting Entropy?
From: Matt Blaze (mabresearch.att.com)
Date: Mon Jun 19 2000 - 18:48:58 CDT
- Next message: David A. Wagner: "Re: Extracting Entropy?"
- Previous message: Peter Gutmann: "Re: Extracting Entropy?"
- Next in thread: lcs Mixmaster Remailer: "Re: Extracting Entropy?"
- Maybe reply: Matt Blaze: "Re: Extracting Entropy?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well, this is not intended as a general hash function - in particular, the
pattern of which input bits affect which output bits depends entirely on
the hash function and the bit position and not on the actual input. You
expect that flipping any one input bit will flip half the outputs, but
its always the same ones. This is probably OK for converting passwords
into key material (and actually makes it easier to show that you aren't
destroying any input entropy), but is an awful property for a general
> Matt Blaze wrote:
> > I should point out that this construction is not designed to obscure the
> > input from the output (especially under differential probing), only
> > to give you m output bits that depend (each in a different way) on
> > the entire input.
> Perhaps I should add that as a requirement. OTOH, assuming H is perfect,
> wouldn't that make this construction resistant? But I assume you are
> reluctant to attempt to prove that.
> Coming to ApacheCon Europe 2000? http://apachecon.com/