Join Log in
Score:2
phantomcraft avatar Crypto

Generate a key with a size bigger than the hash output length/security, is it possible?

pf flag
phantomcraft

Let's suppose I want to generate a 2048-bit key from a hash function with security up to 512-bits (such as Blake2b).

I take 4 high-resolution photos, hash them with a hash output length of 512-bits and concatenate all the hashes generating a 256-byte (2048-bits) key.

Will this scheme safely generate a key with real security of 2048-bits?

167
0 + 0
Score:2
kelalaka avatar Crypto
in flag
kelalaka

Using a hash function is a common way to extract entropy from non-uniform sources. Yes, the Blake2b cannot have more than 512-bit security, therefore you need to concatenate outputs of different inputs to achieve more bits. There is a slightly better way to achieve this; chaining; \begin{align} h_0 &= \operatorname{Blake2b}(image_0)\\ h_i &= \operatorname{Blake2b}(image_i\mathbin\| h_{i-1})) \end{align}

While 256-bit is enough for all to encrypt even against quantum adversaries, make sure that your input files carry enough entropy from the sources that they are taken. If the image repository is highly limited or the images have few variations, you may end up with bad entropy.

0 + 0
Gilles 'SO- stop being evil' avatar
cn flag
Gilles 'SO- stop being evil'
This answer is correct, but it's misleading and [being misinterpreted](https://crypto.stackexchange.com/questions/102237/is-it-possible-to-generate-a-key-from-a-hash-function-being-the-key-larger-than). Hash chaining is only secure here because each step uses a different image. If the same image is used, then output like $h_0||h_1 = H(\mathit{image} || H(\mathit{image}))$ with an $n$-bit hash function $H$ can be reconstructed from the first $n$ bits. Using all the inputs to derive all the output is a lot more robust. Concatenating the inputs as proposed in the question is better.
0
Reply
kelalaka avatar
in flag
kelalaka
@Gilles'SO-stopbeingevil' thanks, I'll update a little later.
0
Reply
phantomcraft avatar
pf flag
phantomcraft
Wow, I was really engaged in generating keys using concatenation or CTR mode for a unique photo, I couldn't have idea on what wrong I was. Thanks!
0
Reply
kelalaka avatar
in flag
kelalaka
This idea always bring the key selection from the movie [Johnny Mnemonic](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fs-media-cache-ak0.pinimg.com%2F736x%2Fb3%2F84%2F15%2Fb38415da0825d68e68e81652cb03252e.jpg&f=1&nofb=1)
0
Reply
phantomcraft avatar
pf flag
phantomcraft
I just needed to know an "yes" or "not", thank you. There is some stream ciphers that don't have a key schedule algorithm such as ISAAC and Pike (it seems Pike doesn't deliver full randomness in output using a bad key), this scheme could be useful to fill their internal states. Also, SEAL 3.0 has a 32768-bits internal state that should be filled with a hash function in counter mode as the author recommends, instead of using a CTR mode, using different key chunks per each hash function invocations could lead to a better security (32.768-bits of security at 4cpb is something wonderful to me).
0
Reply
phantomcraft avatar
pf flag
phantomcraft
I wrote a simple master key generator in bash based on your idea of chaining the random inputs: https://github.com/phantomcraft/mkeygen
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.