[493] in cryptography@c2.net mail archive
Re: How bad is this?
daemon@ATHENA.MIT.EDU (Bill Stewart)
Fri Apr 4 11:34:32 1997
Date: Thu, 03 Apr 1997 22:25:20 -0800
To: perry@piermont.com
From: Bill Stewart <stewarts@ix.netcom.com>
Cc: cryptography@c2.net
In-Reply-To: <199704022008.PAA14026@jekyll.piermont.com>
At 03:08 PM 4/2/97 -0500, Perry E. Metzger wrote:
>> It would also seem a clever cryptographic hash would be the last thing
>> you would want here, since random selection of initial sequence
>> numbers would tend to negate their original function of protecting
>> successive incarnations of a connection from each other.
>
>Re-read 1948 more carefully. That issue is covered in the way it
>proposes to use the hash.
The hash that's needed is
F(localhost, localport, remotehost, remoteport)
where F() isn't predictable from outside. Would it be safe to use
F() = Hash32(RC4(key, "localhost, localport, remotehost, remoteport"))
where Hash32 is some vanilla N-bits-to-32-bits hash such as a CRC32
or simple xor-by-words or even just last-32-bits? ("key" is some passphrase,
perhaps plus a boot-time nonce.) RC4 is pretty fast, and you can do the
key setup once and save the state. You could even move "localhost" into
the key.
Or is using a stream-cypher as a hash just too unsafe?
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
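As an added example (not code from the post or from the list), here is RFC 1948's ISN = M + F(4-tuple) with a secret-keyed F, beside the F the post proposes, and a check that separates the two: with the RC4 state set up once and reused, the keystream is a constant XORed into the tuple, and xor-by-words is linear over XOR, so the key drops out of F(a) XOR F(b). HMAC-SHA-256 as the keyed hash and the hosts, ports and keys are this example's own assumptions.

```python
import hashlib, hmac, socket, struct

def conn_id(lhost, lport, rhost, rport):
    """Fixed 12-byte encoding of the IPv4 connection 4-tuple."""
    return struct.pack("!4sH4sH", socket.inet_aton(lhost), lport,
                       socket.inet_aton(rhost), rport)

def f_keyed(secret, conn):
    """RFC 1948 style F: secret-keyed hash of the 4-tuple cut to 32 bits.
    HMAC-SHA-256 is this example's choice; RFC 1948 itself talks of MD5."""
    return struct.unpack("!I", hmac.new(secret, conn, hashlib.sha256).digest()[:4])[0]

def isn(secret, conn, m):
    """ISN = (M + F(tuple)) mod 2^32; M is the 4-microsecond clock, passed in."""
    return (m + f_keyed(secret, conn)) & 0xFFFFFFFF

def rc4_keystream(key, n):
    """Textbook RC4: KSA, then n PRGA bytes. Saving the state after key setup, as
    the post suggests, means every call sees this same keystream prefix."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_words(data):
    """The post's 'simple xor-by-words' Hash32: XOR of the 32-bit words."""
    acc = 0
    for (w,) in struct.iter_unpack("!I", data):
        acc ^= w
    return acc

def f_rc4(key, conn):
    """The post's candidate F: Hash32(RC4(key, tuple)) with a fixed keystream."""
    ks = rc4_keystream(key, len(conn))
    return xor_words(bytes(a ^ b for a, b in zip(conn, ks)))

def key_cancels(f, key, c1, c2):
    """Check a candidate F must fail: does F(c1) ^ F(c2) equal xor_words(c1) ^
    xor_words(c2), i.e. is the key-dependent part the same for both tuples?"""
    return (f(key, c1) ^ f(key, c2)) == (xor_words(c1) ^ xor_words(c2))
```

The same-tuple ISN still advances with the clock M, which is how RFC 1948 keeps successive incarnations of one connection apart while the per-tuple offset stays unpredictable.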