> in fact, the only difference between sha1 and sha256 is the number of iterations (as I understand it anyway)

No -- SHA-1 has quite a different design from the SHA-2 family (which includes SHA-224, SHA-256, SHA-384, and SHA-512). In fact, SHA-256/224 have fewer rounds than SHA-1. Not that this matters to anyone except real cryptography geeks, but hey, in case you were curious. Except, of course, that it's why the recent attacks against SHA-1 haven't generalized to SHA-2 yet (though the increased bit-length would probably protect them anyway). It is unclear to what extent this is coincidence and to what extent it is NSA Sneakiness.

> if you ever have a hash produce its input as its output you end up in a loop where additional iterations will always produce the same output.

True (at least for the simplest hash-based CPRNG design), but I'm pretty sure no-one has ever found such an input/output pair, and finding one is very similar to accomplishing a preimage attack, so I wouldn't worry about it much in practice.
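The "hash produces its own input" case discussed above is a fixed point of the iteration x -> H(x), i.e. a cycle of length 1 in the chain a naive hash-based CPRNG walks. The following is an added example (not code from the comment author) that iterates a hash and reports the first repeated state; to make a repeat actually observable in a few thousand steps it truncates SHA-256 to a small width, which is an assumption for demonstration only. With the full 256-bit output the same search runs forever in practice, which is the point the comment makes.

```python
import hashlib
from typing import Callable, Optional, Tuple

# Assumed for demonstration: a "narrow" hash made by truncating SHA-256.
# Real SHA-256 is 256 bits wide; the truncation only exists so that a
# repeat shows up in a few thousand iterations instead of ~2^128.
def truncated_sha256(x: bytes, n_bits: int) -> bytes:
    assert n_bits % 8 == 0 and 8 <= n_bits <= 256
    return hashlib.sha256(x).digest()[: n_bits // 8]


def find_cycle(f: Callable[[bytes], bytes], seed: bytes,
               max_steps: int) -> Optional[Tuple[int, int]]:
    """Walk seed -> f(seed) -> f(f(seed)) ... and stop at the first repeated state.

    Returns (tail_length, cycle_length): after `tail_length` steps the walk
    enters a cycle of `cycle_length` states. A cycle_length of 1 is exactly
    the "hash returns its own input" fixed point from the discussion above.
    Returns None if no state repeats within max_steps.
    """
    seen = {}
    x = seed
    for i in range(max_steps):
        if x in seen:
            return seen[x], i - seen[x]
        seen[x] = i
        x = f(x)
    return None


def chain_state_after(f: Callable[[bytes], bytes], seed: bytes, steps: int) -> bytes:
    """Helper to re-walk the chain and check a reported cycle independently."""
    x = seed
    for _ in range(steps):
        x = f(x)
    return x


if __name__ == "__main__":
    # Constructed seed for the demo; any byte string works.
    seed = b"example seed"

    # 16-bit toy hash: at most 2^16 states, so a repeat is guaranteed
    # within 2^16 + 2 steps, and by the birthday bound usually within a few hundred.
    narrow = lambda x: truncated_sha256(x, 16)
    tail, cyc = find_cycle(narrow, seed, max_steps=2**16 + 2)
    print(f"16-bit toy hash: enters a cycle of length {cyc} after {tail} steps")
    if cyc == 1:
        print("  -> that cycle is a fixed point: H(x) == x")

    # Full SHA-256: 1000 steps, no repeat. Finding a fixed point here would
    # be a preimage-style result, which is why nobody has one.
    full = lambda x: hashlib.sha256(x).digest()
    print("full SHA-256, 1000 steps:", find_cycle(full, seed, max_steps=1000))
```

Because the chain state is always re-derived from the previous output, a fixed point would freeze a CPRNG built this way, but for a well-behaved n-bit hash the chance of hitting one per step is about 2^-n; the toy width is what makes the program terminate.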
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds