William Whyte <WWhyte(_at_)baltimore(_dot_)com> writes:
William suggests byte reversal instead, which seems ok from both
perspectives.
Okay. So, since bitwise-NOT and bit-reversal both have shortcomings, what
are you going to use as the mandatory to implement transform?
As Stephen says, I've suggested byte reversal. In fact, what I
would most like to see as the mandatory to implement transform
is X9.63 key derivation (the key derivation function referred
to as KDF2 in IEEE P1363a), but to the best of my knowledge there's
no stable, freely-available description of this that we could
reference. If anyone fancied writing it up as an RFC that'd
be very nice...
How about using the PRF from TLS? It's HMAC-based, widely viewed
as strong, and easily referenceable.
-Ekr