[tptacek]

It's not written super clearly (though the article itself is an interesting and ambitious piece of technical writing) but the impression I get is that he's referring to the role of hash functions in cryptosystems: for signatures, transcript hashes, key derivation, channel binding, and things like that. Cryptographic hash functions are the glue that binds crypto protocols together.

But you can also trivially turn a hash function into a cipher and encrypt with it (apologies if I missed an explanation of this in the article). Just hash a key and a counter together to create a keystream and XOR your plaintext to it. That's how Salsa20 and ChaCha20 work. (Interestingly, the reverse process --- converting a block cipher into a hash function --- is where we historically get our cryptographic hash functions from).

[layer8]

I’m familiar with hash functions for signatures, however I’m confused about the mention for encryption, in particular with respect to the context of common schemes like AES and RSA. I guess hashing a key is an option though.

[commandersaki]

Modern hashing functions pretty much offer encryption out of box like gimli or BLAKE2 family (I think they call it XOF mode).

This is pretty much thanks to the sponge construction.

[tptacek]

You can spitball a hash-based stream cipher with any hash function in just a couple lines of python. Take a 128 bit key string, and then hash it with an incrementing counter to get successive 32 bytes of keystream data, just like you would with AES in CTR mode.