One-way compression function: Difference between revisions

Qutezuce (talk | contribs)
No edit summary
Atwater (talk | contribs)
No edit summary
The Davies-Meyer hash compression function feeds each block of the message (m<sub>i</sub>) as the key to the block cipher. It feeds the previous hash value (H<sub>i-1</sub>) as the cleartext to be encrypted. The output ciphertext is then [[exclusive-or|XORed]] (<math>\oplus</math>) with the previous hash value (H<sub>i-1</sub>) to produce the next hash value (H<sub>i</sub>). In the first round, when there is no previous hash value, it uses a constant pre-specified initial value (H<sub>0</sub>).
:<math>H_i = E_{m_i}{(H_{i-1})} \oplus {H_{i-1}}</math>
 
If the block cipher uses, for instance, 256-bit keys, then each message block (m<sub>i</sub>) is a 256-bit chunk of the message. If the same block cipher uses a block size of 128 bits, then the input and output hash values in each round are 128 bits.
 
Variations of this method replace XOR with any other group operation, such as addition on 32-bit unsigned integers.
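
The following added example (not part of the original article) implements the construction and the addition variation just described. It assumes XTEA (128-bit key, 64-bit block) as a stand-in block cipher, so each m<sub>i</sub> is 16 bytes and each H<sub>i</sub> is 8 bytes; the all-zero H<sub>0</sub> and the function names are constructed for illustration.

```python
import struct

MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9
KEY_BYTES, BLOCK_BYTES = 16, 8  # XTEA: 128-bit key, 64-bit block
H0 = bytes(BLOCK_BYTES)         # constructed initial value, not a standard constant

def xtea_encrypt(key: bytes, block: bytes) -> bytes:
    """XTEA, 32 cycles, big-endian words. Stand-in for the cipher E."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
        s = (s + DELTA) & MASK32
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)

def feed_xor(c: bytes, h: bytes) -> bytes:
    """Feed-forward with XOR, as in the formula above."""
    return bytes(a ^ b for a, b in zip(c, h))

def feed_add32(c: bytes, h: bytes) -> bytes:
    """Variation: word-wise addition on 32-bit unsigned integers."""
    cw, hw = struct.unpack(">2I", c), struct.unpack(">2I", h)
    return struct.pack(">2I", *((a + b) & MASK32 for a, b in zip(cw, hw)))

def compress(h_prev: bytes, m_i: bytes, feed=feed_xor) -> bytes:
    """H_i = E_{m_i}(H_{i-1}) combined with H_{i-1}; m_i is the cipher key."""
    if len(m_i) != KEY_BYTES or len(h_prev) != BLOCK_BYTES:
        raise ValueError("m_i must be key-sized and H_{i-1} block-sized")
    return feed(xtea_encrypt(m_i, h_prev), h_prev)

def chain(message: bytes, feed=feed_xor) -> bytes:
    """Iterate compress over key-sized blocks, starting from H0.
    No padding or length encoding: this is not a complete hash function."""
    if len(message) % KEY_BYTES:
        raise ValueError("message length must be a multiple of 16 bytes")
    h = H0
    for i in range(0, len(message), KEY_BYTES):
        h = compress(h, message[i:i + KEY_BYTES], feed)
    return h

if __name__ == "__main__":
    msg = bytes(range(32))  # constructed two-block sample message
    print("XOR feed-forward:", chain(msg).hex())
    print("add feed-forward:", chain(msg, feed_add32).hex())
```
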
 
If the block cipher used has been broken, then a so-called fixed point attack can be applied to this construction. According to Bruce Schneier, this "is not really worth worrying about"<ref>''Applied Cryptography'', second edition, page 448</ref>.
 
<br style="clear:both"/>