[16222] in cryptography@c2.net mail archive
Re: Time for new hash standard
daemon@ATHENA.MIT.EDU (Damien Miller)
Tue Sep 21 14:23:11 2004
X-Original-To: cryptography@metzdowd.com
Date: Tue, 21 Sep 2004 16:42:37 +1000
From: Damien Miller <djm@mindrot.org>
Cc: cryptography@metzdowd.com
In-Reply-To: <p06110460bd73d189d8a2@[66.149.49.5]>

R. A. Hettinga wrote:
> Luckily, there are alternatives. The National Institute of Standards and
> Technology already has standards for longer - and harder to break - hash
> functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already
> government standards, and can already be used. This is a good stopgap, but
> I'd like to see more.

I haven't seen any discussion on constructions based on "universal
hashing", like the UHASH underlying UMAC[1]. Can any cryptographers
comment on this?

UMAC seems like a particularly nice MAC, because it is supposedly
provably-secure (to the extent that AES is) and benefits from hardware
speedups to AES.

-d

[1] http://www.cs.ucdavis.edu/~rogaway/umac/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com