17 Dec 2003, 11:17 p.m.
hughes@ah.com (Eric Hughes) wrote:
There is a problem with generating random numbers by repeated iterations of a hash function when these numbers will be used to simulate an encrypted message body. The body can be seen to be generated by the algorithm. All you do is to apply MD5 to the first block and see if it's equal to the second block. This completely identifies the message as a hash-chain generation, and thus as a fake message.
Indistinguishability is a harder criterion to simulate than other notions of randomness.
Try xoring the output with a secret value between MD5 hashes.
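The distinguisher Hughes describes, and the effect of the XOR-with-a-secret fix, as an added worked example (this is not code from the list post or its authors; the seed, key and block layout are constructed for illustration). `looks_like_md5_chain` is the detector: it reports a body as a hash-chain fake if every 16-byte block is the MD5 of the block before it. `hash_chain` produces the plain chain the detector catches; `keyed_hash_chain` XORs a secret into each block before rehashing, so without the key the consecutive-block check no longer matches.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest length in bytes; one output block per hash


def hash_chain(seed: bytes, nblocks: int) -> bytes:
    """Plain hash chain: block[i+1] = MD5(block[i]). This is the generator the post criticises."""
    out = []
    cur = seed
    for _ in range(nblocks):
        cur = hashlib.md5(cur).digest()
        out.append(cur)
    return b"".join(out)


def keyed_hash_chain(seed: bytes, key: bytes, nblocks: int) -> bytes:
    """Chain with a secret XORed into each block before the next hash (the reply's suggestion).

    Assumption for this example: the key is cycled across the block if lengths differ.
    """
    out = []
    cur = seed
    for _ in range(nblocks):
        mixed = bytes(c ^ key[i % len(key)] for i, c in enumerate(cur))
        cur = hashlib.md5(mixed).digest()
        out.append(cur)
    return b"".join(out)


def looks_like_md5_chain(body: bytes) -> bool:
    """Detector from the post: is each full block the MD5 of the previous one?

    Only whole 16-byte blocks are examined; a trailing partial block is ignored.
    Bodies with fewer than two full blocks give no pair to compare and return False.
    """
    usable = len(body) - len(body) % BLOCK
    blocks = [body[i:i + BLOCK] for i in range(0, usable, BLOCK)]
    if len(blocks) < 2:
        return False
    return all(hashlib.md5(a).digest() == b for a, b in zip(blocks, blocks[1:]))


def demo() -> dict:
    """Run the detector over a plain chain, a keyed chain and random bytes (constructed inputs)."""
    seed = b"constructed seed"          # constructed 16-byte seed
    key = bytes(range(16))              # constructed secret; a real one would be random and kept private
    return {
        "plain_chain_flagged": looks_like_md5_chain(hash_chain(seed, 8)),
        "keyed_chain_flagged": looks_like_md5_chain(keyed_hash_chain(seed, key, 8)),
        "random_flagged": looks_like_md5_chain(os.urandom(8 * BLOCK)),
    }


if __name__ == "__main__":
    print(demo())
```

The plain chain is flagged deterministically, while the keyed chain and genuinely random bytes are not; the detector's false-positive rate on random data is negligible (a 128-bit collision per pair), which is why the unkeyed chain stands out so sharply.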