Jon (j_b) wrote,

Dear Lazyweb,

A question for those who've studied a few chapters of cryptography...

So, I sure don't give Steve Gibson credit for being a qualified Crypto commentator. In fact, I'd lay odds that he's the sort who'd good-naturedly put together some available crypto algorithms in a naïve way that accidentally the whole security.

So, when a reddit comment linked to his page where he outlines his Very Own Mixed It Up Muh-Self hodgepodge of two secret values, some XOR, and Rijndael, it kinda struck me as the sort of thing that someone like Frank Stevenson would look at and say something like "oh ho ho, you have just invalidated six of the rounds of encryption by doing that, here's an 8 line program that spits out your alleged 'secret' values in 64MB and 12 seconds on a Pentium III".

Why exactly is it (specifically please, no guesses if you're not sure) that ciphers, PRNGs, and hashes are separate fields of endeavor?

It was my understanding (mistaken?) that the output of a "good" cipher being distinguishable from Truly Random Data indicated a weakness in the cipher ... so isn't it then fine to use it as a PRNG? Or aren't the last X bits at the end of encrypting with a known key using said cipher suitable as a hash?
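The two halves of that question have different answers, and the difference is easier to see in code than in prose. The example below is added here and is not from the original post or from Steve Gibson's page; it uses a small Feistel network as a stand-in for Rijndael (the construction, not the cipher, is what matters) and constructed sample messages. Counter mode with a secret key is a perfectly reasonable pseudorandom byte stream, but "the last block of CBC under a key everyone knows" is not a hash: whoever knows the key can run the last encryption backwards and hand you a second message with the same digest.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, like Rijndael/AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Round function of the toy Feistel cipher (stand-in for a real block cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(8):
        l, r = r, xor(l, _f(r, key, i))
    return l + r

def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(8)):
        l, r = xor(r, _f(l, key, i)), l
    return l + r

def ctr_keystream(key: bytes, nonce: bytes, nbytes: int) -> bytes:
    # PRNG half: block cipher in counter mode under a *secret* key. The output is
    # indistinguishable from random exactly as long as the key stays secret.
    out = b""
    for ctr in range(-(-nbytes // BLOCK)):  # ceiling division
        out += encrypt_block(key, nonce[:8] + ctr.to_bytes(8, "big"))
    return out[:nbytes]

def last_block_hash(key: bytes, msg: bytes) -> bytes:
    # Hash half: CBC-encrypt under a *known* key with a zero IV, keep the last block.
    assert len(msg) % BLOCK == 0
    chain = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        chain = encrypt_block(key, xor(msg[i:i + BLOCK], chain))
    return chain

def second_preimage(key: bytes, digest: bytes, prefix: bytes) -> bytes:
    # With the key public, the final encryption is invertible: choose any prefix,
    # compute its chaining value, then solve for the one block that lands on digest.
    chain = last_block_hash(key, prefix)
    return prefix + xor(decrypt_block(key, digest), chain)

if __name__ == "__main__":
    key = b"public key 12345"                       # constructed, known to all
    m1 = b"pay alice 100, ref 0".ljust(32, b".")    # constructed sample message
    d = last_block_hash(key, m1)
    m2 = second_preimage(key, d, b"pay mallory 9e9.")
    assert m2 != m1 and last_block_hash(key, m2) == d
    print("same digest, different message:", m2)
```

A real hash built from a block cipher (Davies-Meyer, as in SHA-1/SHA-2's compression function) feeds the message in as the key and adds a feed-forward precisely so that this inversion is not available to anyone.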
