[16075] in cryptography@c2.net mail archive
Re: Implementation choices in light of recent attacks?
daemon@ATHENA.MIT.EDU (bear)
Wed Sep 1 15:49:48 2004
X-Original-To: cryptography@metzdowd.com
Date: Wed, 1 Sep 2004 11:43:43 -0700 (PDT)
From: bear <bear@sonic.net>
To: Jim McCoy <mccoy@mad-scientist.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <B0C0E07C-FC33-11D8-A6CC-000A95BD758E@mad-scientist.com>

On Wed, 1 Sep 2004, Jim McCoy wrote:
>After digesting the various bits of information and speculation on the
>recent breaks and partial attacks on various popular hash functions I
>am wondering if anyone has suggestions for implementation choices for
>someone needing a (hopefully) strong hash today, but who needs to keep
>the hash output size in the 128-192 bit range. A cursory examination
>of Tiger seems to indicate that it uses a different methodology than
>the MDx & SHAx lines, does this mean that it does not suffer from the
>recent hash attacks? Would a SHA256 that has its output chopped be
>sufficient?
>
>Any suggestions would be appreciated.

I believe that SHA256 with its output cut to 128 bits will be
effective. The simplest construction is to just throw away
half the bits.

Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
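
An added example, not part of the original message or written by its author: the "throw away half the bits" construction for the 128-192 bit output sizes asked about, plus a birthday search at toy sizes showing that the generic collision cost of an n-bit output is about 2^(n/2) hash computations. The function names and sample inputs are constructed for illustration, and the collision measurement goes beyond what the message itself states.

```python
import hashlib
from itertools import count


def truncated_sha256(data: bytes, bits: int = 128) -> bytes:
    """SHA-256 of data, keeping only the first `bits` bits of the digest."""
    if bits % 8 or not 8 <= bits <= 256:
        raise ValueError("bits must be a multiple of 8 between 8 and 256")
    return hashlib.sha256(data).digest()[: bits // 8]


def birthday_collision(bits: int, limit: int = 1 << 20):
    """Find two distinct inputs whose truncated digests match.

    Returns (msg_a, msg_b, hashes_computed). Inputs are constructed
    counter strings, so the search is deterministic.
    """
    seen = {}
    for i in count():
        if i >= limit:
            raise RuntimeError("no collision within limit")
        msg = b"constructed-sample-%d" % i
        tag = truncated_sha256(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


if __name__ == "__main__":
    # Output sizes in the range asked about in the thread.
    for bits in (128, 160, 192):
        print(bits, truncated_sha256(b"constructed sample input", bits).hex())

    # Toy sizes only: the measured cost tracks 2^(bits/2), so an n-bit
    # output gives roughly n/2 bits of generic collision resistance.
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits}-bit truncation: collision after {n} hashes "
              f"(2^{bits // 2} = {1 << (bits // 2)})")
```

By the same bound, a 128-bit truncation leaves about 2^64 work for a generic collision search and a 192-bit truncation about 2^96.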