Score:0

Crypto

Using the hash of the plaintext as the key

John Smith

7/28/23, 8:28 PM

I want to start off by being very clear: I'm not designing a system around this, this is 100% a hypothetical I was toying with.

Is there any harm in using the cryptographic hash of a plaintext as the key? For instance, if my message was Hello, world!, that produces the SHA256 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3. Is there any weakness in using this as a key?

If my system used a pre-determined set of messages, then I can clearly see the attack: hash all the messages, and try them all as keys.

So questions:

Is there any immediate weakness (assuming the messages I'm sending aren't pre-canned)?
Is using a nonce enough to overcome any weakness when using AES?
If not using a nonce, is it still viable?

0 + 0

hash

encryption

keys

poncho

7/28/23, 8:30 PM

Is this a cipher (that is, one in which the receiver is expected to decrypt)? If so, how does the receiver get the key?

John Smith

7/28/23, 8:32 PM

Does that matter? I'm not being snarky, I'm legitimately curious if that affects the answer. Can we just assume that's a separate problem? Let's say I hand the receiver the key/hash written on a piece of paper (i.e. abstract the problem away)

kelalaka

7/28/23, 10:07 PM

Does this answer your question? [Is Convergent Encryption really secure?](https://crypto.stackexchange.com/questions/729/is-convergent-encryption-really-secure)

tylo

7/29/23, 4:32 AM

Today's requirements for encryption is at the very least "IND-CPA". Which this fails. So in terms of encryption, this doesn't work. As a hash function, it's probably fine.

Score:1

Crypto

Maarten Bodewes

7/28/23, 8:38 PM

The biggest issue is of course that you would need to know the message to be able to decrypt it.

Is there any immediate weakness (assuming the messages I'm sending aren't pre-canned)?

Pre-canned is too loose a term. If an adversary can guess the plaintext in any way then the key would become known. The security of AES would be downgraded if the entropy in the message is lower than the key size.

Note that it is assumed that the adversary knows the hash function used (the Kerckhoff principle), so no security can be gained from that.

Is using a nonce enough to overcome any weakness when using AES?

AES doesn't use a nonce. Cryptographic schemes and block cipher modes of operations such as GCM may use a nonce. However, a nonce doesn't remove any other vulnerabilities of the scheme or mode of operation. Having a nonce may be a pre-condition for a specific scheme or mode of operation, but that's about it.

If not using a nonce, is it still viable?

No, it is not a good idea.

Possibly you would need to take a look at password based key derivation functions instead (PBKDF functions, also known as password hashes). These provide healthy things such as a salt and work factor / iteration count. The salt is probably the kind of nonce-usage that you are looking for, and the work factor makes it harder to guess the message.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Using the hash of the plaintext as the key

TH: การใช้แฮชของข้อความธรรมดาเป็นคีย์

RO: Folosind hash-ul textului simplu ca cheie

RU: Использование хэша открытого текста в качестве ключа

VI: Sử dụng hàm băm của bản rõ làm khóa

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.