[44495] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Exponent 3 damage spreads...

daemon@ATHENA.MIT.EDU (Damien Miller)
Tue Sep 19 07:37:52 2006

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 19 Sep 2006 13:18:37 +1000 (EST)
From: Damien Miller <djm@mindrot.org>
To: Jostein Tveit <josteitv@pvv.ntnu.no>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, jas@extundo.com,
	cryptography@metzdowd.com
In-Reply-To: <ayh8xklo6df.fsf@decibel.pvv.ntnu.no>

On Fri, 15 Sep 2006, Jostein Tveit wrote:

> pgut001@cs.auckland.ac.nz (Peter Gutmann) writes:
> 
> > What's more scary is that if anyone introduces a parameterised hash
> > (it's quite possible that this has already happened in some fields,
> > and with the current interest in randomised hashes it's only a
> > matter of time before we see these anyway) [...]
>
> Both Rivest and Shamir said that they want a parameterised hash
> according to Paul Hoffman's "Notes from the Hash Futures Panel".
> <URL: http://www.proper.com/lookit/hash-futures-panel-notes.html >

Having a standard parametised hash function does not necessitate that
ASN.1 instances of their output have to be parametised too. IMO it 
would make more sense to pick a progression of sizes similar to
SHA{1,256,...}

-d


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post