[13200] in cryptography@c2.net mail archive

Re: The Pure Crypto Project's Hash Function

daemon@ATHENA.MIT.EDU (Anton Stiglic)
Mon May 5 10:24:04 2003

X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "Ralf Senderek" <ralf@senderek.de>
Cc: <cryptography@metzdowd.com>
Date: Mon, 5 May 2003 09:51:55 -0400


----- Original Message ----- 
From: "Ralf Senderek" <ralf@senderek.de>
To: "tom st denis" <tomstdenis@yahoo.com>
Cc: <cryptography@metzdowd.com>
Sent: Sunday, May 04, 2003 2:57 AM
Subject: Re: The Pure Crypto Project's Hash Function


> On Sat, 3 May 2003, tom st denis wrote:
> 
> > As to making their own hash I too would have to strongly disagree with
> > that.  You really ought to either design a cipher/hash or design a
> > cryptosystem.
> 
> If there was a hash based on ModExp() with a long tradition of
> scrutiny like RSA for twenty years I surely would have taken it.

There is MASH-1 and MASH-2, based on modulo arithmetic
(see for example the Handbook of Applied Cryptography, 
section 9.4.3).
They are relatively recent proposals; I don't know if there has 
been any recent successful cryptanalysis on them.
They are based on sqmodn, which was broken by Coppersmith.
It's not the kind of hash algorithm I would feel comfortable with
for cryptographic purposes, but it surely was more widely 
cryptanalyzed than what you proposed.

--Anton


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
