Selling It: Crypto Edition

Ad with SHA 256 'encryption'

Here is a crypto version of “Selling It,” a long-running back-page column in the magazine Consumer Reports. For those unsure of the acronyms, “SHA-256” stands for a version of the Secure Hash Algorithm yielding a 256-bit output. SHA is not encryption. People have used hash algorithms for encryption, but the results are poor.

“Selling It” highlights awkward, ignorant, and contradictory advertisements. Typical examples are a cleaning company ad offering “Roof blown off for free” and a wine bottle whose price tag says “Machine Washable.”

The basic way to encrypt with a hash is to create a stream cipher. The hash generates the key stream: each time you need more bits, you hash the previous hash output. This approach was used in some older software; you can attack it with a bit of known plaintext. We can block the obvious attack, but it’s like putting lipstick on a pig.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.