Revision as of 19:28, 8 February 2006 edit Matt Crypto (talk \| contribs) 23,089 edits →See also: "cryptos" is a little slangy :) ← Previous edit		Revision as of 18:05, 9 February 2006 edit undo Davidgothberg (talk \| contribs) Extended confirmed users 16,980 edits Better introduction Next edit →
Line 1: In [[cryptography]], there are several methods to use a [[block cipher]] to build a [[cryptographic hash function]]. The methods resembles the [[block cipher modes of operation]] usually used for encryption. ~~Three such methods to turn any normal block cipher into a hash are '''Davies-Meyer''', '''Matyas-Meyer-Oseas''' and '''Miyaguchi-Preneel'''. They are described in detail further down.~~ Some methods to turn any normal block cipher into the ''compression function'' for a hash function are '''Davies-Meyer''', '''Miyaguchi-Preneel''', '''Matyas-Meyer-Oseas''', '''MDC-2''' and '''MDC-4'''. They are then used inside the '''Merkle-Damgård structure''' to build the actual hash function. These methods are described in detail further down. ([[MDC-2]] is also the name of a hash function patented by IBM.) Using a block cipher as a hash function usually is much slower then using a specially designed hash function. But in some cases it might be easier since it means just implementing a block cipher and then using it both as a block cipher and a hash function. It can also save code space in very tiny [[embedded system]]s like for instance [[smart card]]s or nodes in cars or other machines. Line 8 ⟶ 10: * The block cipher needs to be secure. * The resulting hash size needs to be big enough. 64-bit is too small, 128-bit might be enough. * The last block needs to be properly [[Padding (cryptography)\|length padded]] prior to the hashing. (~~This~~See the Merkle-Damgård structure below.) Length padding is normally implemented and handled internally in specialised hash functions like [[SHA-1]] etc.) == The Merkle-Damgård structure ==

One-way compression function: Difference between revisions