[16231] in cryptography@c2.net mail archive
RE: Time for new hash standard
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Mon Sep 27 13:42:50 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "'\"Hal Finney\"'" <hal@finney.org>, <cryptography@metzdowd.com>,
<nelson@crynwr.com>
Date: Wed, 22 Sep 2004 21:30:16 -0400
In-Reply-To: <20040920194356.EC32357E2B@finney.org>
I believe hash127 acts like an almost universal family of hash functions,
thus the word hash in it makes sense even though it is a MAC (but I might
not be recalling properly).
About MACs being easier to build, I agree it seems to be easier because of
the secret key involved.
If you don't like SHA1, I would suggest SHA-225/256/384/512, or something
based on a different design philosophy such as Tiger. Another interesting
alternative is hash functions based on a block cipher such as AES.
--Anton
-----Original Message-----
From: owner-cryptography@metzdowd.com
[mailto:owner-cryptography@metzdowd.com] On Behalf Of "Hal Finney"
Sent: 20 septembre 2004 15:44
To: cryptography@metzdowd.com; nelson@crynwr.com
Subject: Re: Time for new hash standard
Bruce Schneier wrote:
> Luckily, there are alternatives. The National Institute of Standards and
> Technology already has standards for longer - and harder to break - hash
> functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already
> government standards, and can already be used. This is a good stopgap, but
> I'd like to see more.
Russell Nelson suggested:
> http://cr.yp.to/antiforgery.html#hash127
I believe this is a MAC, despite the name. It seems to be easier to
create secure MACs than secure hash functions, perhaps because there are
no secrets in a hash, while in a MAC there is a secret key that makes
the attacker's job harder.
Hal
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
