Posted Dec 18, 2007 14:43 UTC (Tue) by njs (guest, #40338)
In reply to: offtopic by dlang
Parent article: On entropy and randomness

>in fact, the only difference between sha1 and sha256 are the number of iterations (as I
understand it anyway)

No -- SHA-1 has quite a different design from the SHA-2 family (which includes SHA-224,
SHA-256, SHA-384, and SHA-512).  In fact, SHA-256/224 have fewer rounds than SHA-1.  Not that
this matters to anyone except real cryptography geeks, but hey, in case you were curious.

Except, of course, that it's why the recent attacks against SHA-1 haven't generalized to SHA-2
yet (though the increased bit-length would probably protect them anyway).  It is unclear to
what extent this is coincidence and to what extent it is NSA Sneakiness.

>if you ever have a hash produce its input as its output you end up in a loop where additional
iterations will always produce the same output.

True (at least for the simplest hash-based CPRNG design), but I'm pretty sure no-one has ever
found such an input/output pair, and finding one is very similar to accomplishing a preimage
attack, so I wouldn't worry about it much in practice.
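An added example (not code from the original thread) illustrating the two points in the quoted exchange: a plain hash-chain CPRNG is frozen by a fixed point of the hash, while a counter-fed variant is not. `toy_hash` (SHA-256 truncated to 16 bits) is a constructed stand-in with a state space small enough to search exhaustively for fixed points and cycles.

```python
import hashlib

def sha256(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def toy_hash(x: bytes) -> bytes:
    # SHA-256 truncated to 16 bits: a constructed stand-in whose 65536-value
    # state space can be searched exhaustively. Real SHA-256 has 2**256
    # states, which is why no such input/output pair has been found for it.
    return sha256(x)[:2]

def chain_prng(seed: bytes, n: int, h=sha256):
    """Simplest hash-chain CPRNG: state <- h(state), emit each state.
    Once a state s with h(s) == s is reached, every later output is s."""
    out, s = [], seed
    for _ in range(n):
        s = h(s)
        out.append(s)
    return out

def counter_prng(seed: bytes, n: int, h=sha256):
    """Counter variant: output_i = h(seed || i). The input changes every step
    whatever the previous output was, so a fixed point of h cannot freeze it."""
    return [h(seed + i.to_bytes(8, "big")) for i in range(n)]

def fixed_points(h, width: int):
    """Exhaustively list every width-byte x with h(x) == x."""
    pts = []
    for i in range(256 ** width):
        x = i.to_bytes(width, "big")
        if h(x) == x:
            pts.append(x)
    return pts

def floyd_cycle(h, seed: bytes):
    """Floyd cycle finding on x0 = seed, x_{k+1} = h(x_k).
    Returns (mu, lam): x_mu is the first state that recurs, lam the cycle length."""
    tortoise, hare = h(seed), h(h(seed))
    while tortoise != hare:
        tortoise, hare = h(tortoise), h(h(hare))
    mu, tortoise = 0, seed
    while tortoise != hare:
        tortoise, hare, mu = h(tortoise), h(hare), mu + 1
    lam, hare = 1, h(tortoise)
    while tortoise != hare:
        hare, lam = h(hare), lam + 1
    return mu, lam

if __name__ == "__main__":
    print("fixed points of toy_hash:", fixed_points(toy_hash, 2))
    print("(mu, lam) of the toy_hash chain:", floyd_cycle(toy_hash, b"\x00\x01"))
```

For a random function on 2**16 states roughly one fixed point is expected, so the exhaustive search may legitimately return none, while the cycle finder always terminates and shows the chain falling into a short loop that the counter variant never enters.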


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds