Secure Hashing for Entropy
Often we have a source of entropy whose output we use as the input to a secure hash function. Does it matter if the hashing function is secure? I don't think so. All that really matters is that the function hashes evenly, so that any input string is about as likely as any other input string to result in a particular hash. Even if the hash function is weak and collisions can be found, if it is even, the same level of entropy is still available. Have I got this right?

Monty Cantsin
Editor in Chief
Smile Magazine
http://www.neoism.org/squares/smile_index.html
http://www.neoism.org/squares/cantsin_10.htm
Monty Cantsin wrote:
Often we have a source of entropy whose output we use as the input to a secure hash function.
Does it matter if the hashing function is secure? I don't think so. All that really matters is that the function hashes evenly, so that any input string is about as likely as any other input string to result in a particular hash. Even if the hash function is weak and collisions can be found, if it is even, the same level of entropy is still available.
Have I got this right?
In the case where:

1) Your entropy source is as good as you think it is
2) Your opponent knows nothing about the data from your entropy source, and
3) Your entropy mixes the way you expect it to

this is indeed the case. If you're not completely sure about the above, using a cryptographic hash requires your hypothetical opponent to be able to reverse the hash to exploit what they know, rather than simpler computations. Since it seems that paranoia pays off in the design of cryptographic software, I'd recommend always using a strong hash.

Jon Leonard
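Jon's second and third conditions, as an added example that is not part of this thread: a constructed entropy source whose first 24 bytes an attacker can predict, fed through three hashes that are all "even" over uniform input. Truncation and an XOR fold both pass the evenness check, yet truncation leaves nothing of the unknown bytes in the key, and the linear fold turns the attacker's partial knowledge into a fixed relation between two keys derived from the same unknown bytes; only the cryptographic hash makes them reverse the hash or search the unknown bits. The known/unknown split and the predictable prefixes are assumptions of the example.

```python
import hashlib
import secrets

# Constructed stand-in for an entropy source (no real system is modelled):
# 32 bytes, of which the first 24 are predictable to the attacker (think of
# a timestamp and a process id) and only the last 8 are genuinely unknown.
KNOWN_LEN, UNKNOWN_LEN = 24, 8

def truncate16(data):
    """Even but not cryptographic: the first 16 bytes of the input."""
    return data[:16]

def xor_fold16(data):
    """Even and every input bit reaches the output, but linear: XOR of the two halves."""
    return bytes(a ^ b for a, b in zip(data[:16], data[16:]))

def sha256_16(data):
    """Cryptographic: SHA-256 truncated to 16 bytes."""
    return hashlib.sha256(data).digest()[:16]

def evenness(hash_fn, samples=4096):
    """Fraction of distinct outputs over uniform inputs; 1.0 means no collision seen."""
    outs = {hash_fn(secrets.token_bytes(KNOWN_LEN + UNKNOWN_LEN)) for _ in range(samples)}
    return len(outs) / samples

def unknown_bits_reaching_output(hash_fn, known, trials=16):
    """Count unknown input bits whose flip ever changes the output.
    With the known part fixed, the attacker's search space is 2 ** this."""
    sensitive = set()
    for _ in range(trials):
        unknown = bytearray(secrets.token_bytes(UNKNOWN_LEN))
        base = hash_fn(known + bytes(unknown))
        for bit in range(UNKNOWN_LEN * 8):
            probe = bytearray(unknown)
            probe[bit // 8] ^= 1 << (bit % 8)
            if hash_fn(known + bytes(probe)) != base:
                sensitive.add(bit)
    return len(sensitive)

def keys_related(hash_fn, known_a, known_b, trials=16):
    """True if key_a XOR key_b is the same for every value of the unknown bytes,
    i.e. the attacker's partial knowledge fixes a relation between the two keys."""
    diffs = set()
    for _ in range(trials):
        unknown = secrets.token_bytes(UNKNOWN_LEN)
        ka, kb = hash_fn(known_a + unknown), hash_fn(known_b + unknown)
        diffs.add(bytes(x ^ y for x, y in zip(ka, kb)))
    return len(diffs) == 1
```

With the constructed prefixes `bytes(range(24))` and `bytes(range(1, 25))`, all three hashes score an evenness of 1.0, but the unknown bits reaching the output are 0, 64 and 64 for truncation, XOR fold and SHA-256 respectively, and `keys_related` is True, True and False.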