Hacker News new | ask | show | jobs
by cdavidcash 5199 days ago
Cryptographic hash functions, by contrast, are not well understood at all. They are "magic" in many ways, and aren't modeled after anything. Many more "bad things" happen in this space than in the block cipher space.

Is this a common opinion amongst practitioners? The opposite philosophy (e.g., that a random oracle is a "weaker object" than an ideal cipher) underlies some lines of work in the theoretical cryptography literature.
2 comments
pbsd 5199 days ago
The two models are equivalent, in fact: http://eprint.iacr.org/2008/246

This of course says nothing about how to go about building an actual cipher/hash that withstands all kinds of cryptanalysis.

Edit: apparently not so clear, I'm told: http://arxiv.org/abs/1011.1264

link
davidcash 5199 days ago
A better interpretation of that paper is that it is giving an upper [edit: upper bound] on how inequivalent the models are.

Also, that paper was subsequently shown to be fatally flawed. http://arxiv.org/abs/1011.1264

Anyway, yeah, a theoretical diversion.

link
tptacek 5199 days ago
Yes, it's a common opinion (I quoted Schneier on it downthread).
link