Cryptosmith

Cyber and security architecture, not bitcoins

Selling It: Crypto Edition

Ad with SHA 256 'encryption'

Here is a crypto version of “Selling It,” a long-running back-page column in the magazine Consumer Reports. For those unsure of the acronyms, “SHA-256” stands for a version of the Secure Hash Algorithm yielding a 256-bit output. SHA is not encryption. People have used hash algorithms for encryption, but the results are poor.

“Selling It” highlights awkward, ignorant, and contradictory advertisements. Typical examples are a cleaning company ad offering “Roof blown off for free” and a wine bottle whose price tag says “Machine Washable.”

The basic way to encrypt with a hash is to create a stream cipher. The hash generates the key stream: each time you need more bits, you hash the previous hash output. This approach was used in some older software; you can attack it with a bit of known plaintext. We can block the obvious attack, but it’s like putting lipstick on a pig.

Favorite Posts

Memory Sizes: kilo mega giga tera peta exaOctober 18, 2013
SCI//HCS-P/SI/TK at Mar-a-LagoJune 4, 2023
Stream Cipher Reuse: A Graphic ExampleMay 31, 2008
Password Hashing and CrackingMarch 26, 2021
Kilo mega giga teraOctober 19, 2013
Security Design PrinciplesOctober 19, 2013

ACSAC Android Apple attacks authentication Bitcoin Boak Calibre certificates CIA properties classified Clinton cloud computing Coursera CPU cracking crypto cybercurrency databases design principles domain names Drupal ebooks elections email encrypted messages evaluations file systems flaws Ft. Meade GUI history iOS iPhone KGB Kindle library malware memory sizes Microsoft mobile security MSSE Multics NSA NSTISSI 4011 OPDS passwords phishing President quantum Quizlet RAM risks secrecy spam SSL stream cipher TCSEC Top Secret training Trump UMN video Wordpress xor