No edit summary
Added references to black-box articles by Winternitz and Black, Rogaway, and Shrimpton.
Line 11:
* The resulting hash size is big enough. 64-bit is too small, 128-bit might be enough.
* The last block is properly [[Padding (cryptography)|length padded]] prior to the hashing. (See the Merkle-Damgård structure below.) Length padding is normally implemented and handled internally in specialised hash functions like [[SHA-1]] etc.
The constructions presented below: Davies-Meyer, Matyas-Meyer-Oseas and Miyaguchi-Preneel have been shown to be secure under the black-box analysis<ref>John Black, Phillip Rogaway, and Tom Shrimpton. ''Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV.'' Advances in Cryptology - CRYPTO '02, Lecture Notes in Computer Science, vol. 2442, pp. 320-335, Springer, 2002. See the table on page 3, Davies-Meyer, Matyas-Meyer-Oseas and Miyaguchi-Preneel are numbered in the first column as hash functions 5, 1 and 3.</ref>. The black-box model assumes that the used block cipher is secure.
== The Merkle-Damgård structure ==
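Review bot: The added paragraph before the Merkle-Damgård heading says the three constructions "have been shown to be secure" and that the model "assumes that the used block cipher is secure", but neither sentence says which property is meant (collision resistance, preimage resistance) or what "secure" means for the cipher; state both so the claim can be checked against the cited paper. The footnote marker sits before the full stop ("</ref>."), so move it after the punctuation. In the reference text, add "respectively" to "hash functions 5, 1 and 3" so the mapping to the three names is unambiguous.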
Line 29 ⟶ 31:
Variations of this method replace XOR with any other group operation, such as addition on 32-bit unsigned integers.
If the used block cipher is not secure i.e. has been broken then a so-called fixed point attack can be applied to this construction. According to Bruce Schneier this "is not really worth worrying about"<ref>''Applied Cryptography'', second edition, page 448</ref>.
The security of the Davies-Meyer construction under the black-box assumption was first proved by R. Winternitz<ref>R. Winternitz. ''A secure one-way hash function built from DES.'' In Proceedings of the IEEE Symposium on Information Security and Privacy, p. 88-90. IEEE Press, 1984.</ref>.
<br style="clear:both"/>
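Review bot: The added Winternitz sentence uses "black-box assumption", while the sentence added in the earlier hunk uses "black-box analysis" and "black-box model"; pick one term and use it in both places. "first proved" is a priority claim that the single primary citation does not establish on its own, so either drop "first" or cite a source that states it. The reference gives a page range as "p. 88-90" where the other new reference uses "pp.", and the ref tag again precedes the full stop.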