[502] in cryptography@c2.net mail archive
Re: How bad is this?
daemon@ATHENA.MIT.EDU (Colin Plumb)
Fri Apr 4 17:37:10 1997
Date: Fri, 4 Apr 97 15:25:33 MST
From: colin@nyx.net (Colin Plumb)
To: stewarts@ix.netcom.com
Cc: cryptography@c2.net
> The hash that's needed is
> F(localhost, localport, remotehost, remoteport)
> where F() isn't predictable from outside. Would it be safe to use
> F() = Hash32(RC4(key, "localhost, localport, remotehost, remoteport"))
> where Hash32 is some vanilla N-bits-to-32-bits hash such as a CRC32
> or simple xor-by-words or even just last-32-bits? ("key" is some passphrase,
> perhaps plus a boot-time nonce.) RC4 is pretty fast, and you can do the
> key setup once and save the state. You could even move "localhost" into
> the key.
> Or is using a stream-cypher as a hash just too unsafe?
Well, consider a CRC32 (and xor-by-words is a degenerate case of that,
with a polynomial of x^32+1). This is linear, and a morphism
W.R.T. xor, i.e. CRC32(x ^ y) = CRC32(x) ^ CRC32(y). Now,
RC4(key, data) is basically RC4(key) ^ data, since RC4 just generates
a key stream.
So F() = CRC32(RC4(key) ^ "localhost, localport, remotehost, remoteport")
= CRC32(RC4(key)) ^ CRC32("localhost, localport, remotehost, remoteport")
.. which is, as far as an attacker is concerned, just
= key32 ^ CRC32("localhost, localport, remotehost, remoteport")
... which is Not Very Secure.
--
-Colin
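An added worked example, not part of Colin's message or the quoted proposal, showing the reduction above concretely: with a saved RC4 state the keystream is the same for every call, so the proposed F() collapses to a fixed 32-bit constant XORed with CRC32 of the plaintext tuple. One observed (tuple, F) pair for a tuple of the same length reveals that constant and lets every other F value be predicted without knowing the RC4 key. The RC4 and CRC32 here are the standard algorithms (CRC32 via zlib); the key, the fixed-width tuple serialization and the sample connection tuples are constructed for the example. The standard CRC32 is affine rather than strictly linear because of its initial and final XOR, but for equal-length inputs those terms cancel and the algebra is exactly as Colin states.

```python
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA); returns the first n keystream bytes.
    With a saved state, every F() call reuses this same prefix."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def proposed_f(key: bytes, tuple_str: bytes) -> int:
    """The proposal as quoted: Hash32(RC4(key, tuple)) with Hash32 = CRC32."""
    ks = rc4_keystream(key, len(tuple_str))
    enc = bytes(a ^ b for a, b in zip(ks, tuple_str))
    return zlib.crc32(enc) & 0xFFFFFFFF


def recover_key32(known_tuple: bytes, known_f: int) -> int:
    """Attacker's step: F(t) ^ CRC32(t) is the keystream's CRC, a constant
    that does not depend on t (for inputs of the same length)."""
    return known_f ^ (zlib.crc32(known_tuple) & 0xFFFFFFFF)


def predict_f(key32: int, tuple_str: bytes) -> int:
    """Attacker's prediction for any other tuple, without the RC4 key."""
    return key32 ^ (zlib.crc32(tuple_str) & 0xFFFFFFFF)


def leaked_constant(key: bytes, length: int) -> int:
    """What key32 actually is: the pure (zero-init, no final XOR) CRC32 of the
    keystream, obtained from zlib by cancelling the init/final terms against
    the CRC of an all-zero message of the same length."""
    ks = rc4_keystream(key, length)
    return (zlib.crc32(ks) ^ zlib.crc32(bytes(length))) & 0xFFFFFFFF


# Constructed sample data: a secret passphrase and fixed-width connection
# tuples "localhost,localport,remotehost,remoteport" (all the same length).
KEY = b"constructed passphrase + boot nonce"
T1 = b"10.0.0.1,01025,10.0.0.2,00080"
T2 = b"10.0.0.1,01026,10.0.0.2,00080"
T3 = b"10.0.0.1,01027,10.0.0.9,00443"


def demo() -> bool:
    """Observe F(T1) once, then predict F(T2) and F(T3) exactly."""
    observed = proposed_f(KEY, T1)
    key32 = recover_key32(T1, observed)
    return (predict_f(key32, T2) == proposed_f(KEY, T2)
            and predict_f(key32, T3) == proposed_f(KEY, T3))


if __name__ == "__main__":
    print("key32 recovered from one observation:", hex(recover_key32(T1, proposed_f(KEY, T1))))
    print("predictions match real F():", demo())
```

The only thing an attacker needs is one tuple whose F value they can observe, and since the tuple is the attacker's own connection four-tuple that is not much of a requirement; the RC4 key contributes nothing beyond a single 32-bit constant.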