It is possible to use a hash function to construct a block cipher with a structure

similar to DES. Because a hash function is one way and a block cipher must be
reversible (to decrypt), how is it possible?
Answer

Yes, Definitely it is possible to use a hash function like (SHA family, for instance) in OFB or
CFB (and possibly CTR), by using the hash function (with the key as part of the input!) in the
place of the block cipher encryption. . If you want to use a hash function, the best way is to
follow a Feistel structure, which is, coincidentally, the same kind of structure than what DES
uses.

The illustrations on the Wikipedia page are quite clear; you would use the hash function for
the "F" part, which combines one (sub)key and one half of the current block, to produce a
value which is to be XORed with the other half of the current block. The good thing about the
scheme is that the "F" function is always invoked in the same direction, both for encryption
and for decryption. Therefore, it can be a one-way function, like a hash function.

And yes any solid good hash function cannot be really "perfect" and there are a lot of small
subtle details which can sabotage the security of the best thought cipher structure. It is
advisable not to build your own crypto (unless you are quite clear with yourself that you do
it for learning and not to actually protect any data of value).

Now consider the opposite problem: using an encryption algorithm to construct a

one-way hash function. Consider using RSA with a known key. Then process a
message consisting of a sequence of blocks as follows: Encrypt the first block,
XOR the result with the second block and encrypt again, etc. Show that this
scheme is not secure by solving the following problem. Given a two-block
message B1, B2, and its hash: RSAH (B1, B2) = RSA (RSA (B1) ⊕ B2) Given an
arbitrary block C1, please construct C2 so that RSAH (C1, C2) = RSAH (B1, B2).
Thus, the hash function does not satisfy weak collision resistance.

Answer