0
$\begingroup$

I have been practicing using Manuel Blum's Mental Hash Function for personal use, described in the link below:

Mental Cryptography and Good Passwords

However, Rob Shearer has shown that the function itself is insecure as a hash with his blog post:

The "Blum Mental Hash" Is A Lousy Idea

For the use case of creating and using passwords without having to use a password manager on your computer or pen and paper to calculate the hash or any other physical artifacts other than what you can calculate in your head, is this "security through obscurity" provided that the plaintext, ciphertext, and keys are kept secret?

Improve this question
$\endgroup$

1 Answer 1

Reset to default
1
$\begingroup$

Shearer's analysis is sound, and precisely summarizes what's wrong. The key itself can be recovered using samples of ciphertext - which is exactly the opposite of what you want from cryptography.

Improve this answer
$\endgroup$
2
  • $\begingroup$ I agree with Shearer's analysis, except for one point that his crack is based, "Upon further analysis, you can exploit the information leaked to reconstruct an entire key from just a few dozen encoded characters!" My issue is that you're not supposed to leak your the ciphertext (i.e. your password). $\endgroup$ Commented Apr 21, 2024 at 4:13
  • 1
    $\begingroup$ @its.just.me Of course you're not supposed to ... but much of the point of cryptography is to be robustly resistant to attack if it happens anyway. There's not much use for cryptography that expects the ciphertext (the result of encryption) to remain secret. $\endgroup$ Commented Apr 22, 2024 at 5:40

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.