[13203] in cryptography@c2.net mail archive
Re: The Pure Crypto Project's Hash Function
daemon@ATHENA.MIT.EDU (John Kelsey)
Mon May 5 12:28:37 2003
X-Original-To: cryptography@metzdowd.com
Date: Mon, 05 May 2003 12:20:13 -0400
To: Rich Salz <rsalz@datapower.com>, Ralf Senderek <ralf@senderek.de>
From: John Kelsey <kelsey.j@ix.netcom.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <Pine.LNX.4.44L0.0305032009490.2736-100000@smtp.datapower.com>
At 08:13 PM 5/3/03 -0400, Rich Salz wrote:
>Very simple: known to be cryptographically secure. SHA-1 is good. Your
>invention is bad. End of discussion (from me).
Actually, SHA1 isn't known to be good, it's just strongly suspected to be
good. Other than information-theoretic stuff (e.g., one-time pads are
really known to be good), most stuff in cryptography is presumed good
because nobody knows how to break it, or even how to realistically come
close to breaking it.
Of course, that doesn't mean that rolling your own hash function is a good
idea. Or that it makes any sense at all to build all your own primitives
in order to design some kind of secure system. It's like deciding you want
to design a better word processor than Word, and so starting by trying to
design your own microprocessor architecture.
> /r$
--John Kelsey, kelsey.j@ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com