Selling It: Crypto Edition

Ad with SHA 256 'encryption'

Here is a crypto version of “Selling It,” a long-running back-page column in the magazine Consumer Reports. For those unsure of the acronyms, “SHA-256” stands for a version of the Secure Hash Algorithm yielding a 256-bit output. SHA is not encryption. People have used hash algorithms for encryption, but the results are poor.

“Selling It” highlights awkward, ignorant, and contradictory advertisements. Typical examples are a cleaning company ad offering “Roof blown off for free” and a wine bottle whose price tag says “Machine Washable.”

The basic way to encrypt with a hash is to create a stream cipher. The hash generates the key stream: each time you need more bits, you hash the previous hash output. This approach was used in some older software; you can attack it with a bit of known plaintext. We can block the obvious attack, but it’s like putting lipstick on a pig.

*** This is a Security Bloggers Network syndicated blog from Cryptosmith authored by cryptosmith. Read the original post at: