[8226] in cryptography@c2.net mail archive


Re: migration paradigm (was: Is PGP broken?)

daemon@ATHENA.MIT.EDU (David Wagner)
Wed Dec 6 01:32:17 2000

To: cryptography@c2.net
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 6 Dec 2000 05:54:35 GMT
Message-ID: <90kkar$13u$1@abraham.cs.berkeley.edu>
Reply-To: daw@cs.berkeley.edu (David Wagner)

David Honig  wrote:
>Is there a reason not to use AES block cipher in a hashing mode
>if you need a secure digest of some data? 

Yes.  The standard hashing modes provide only 128-bit hash digests, and
for long-term collision-resistance, we'd probably like longer outputs.

Also, Rijndael has not been evaluated as thoroughly for security in
hashing modes as it has for security in encryption modes.  Since hashing
modes stress the key schedule much more than encryption modes, the level
of assurance obtained may not be as high as one would like at present.
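To make both points concrete, here is an added illustration (not part of Wagner's message or of any standard) of the Davies-Meyer hashing mode over AES-128 in Go: the digest is exactly the 128-bit block width, so the birthday bound for collisions is around 2^64 work, and every message block feeds a fresh key schedule via aes.NewCipher, which is the workload encryption modes exercise only once per key. The all-zero IV and the sample input are constructed choices for this example.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// DigestSize is fixed by the AES block size: 16 bytes, i.e. a 128-bit digest.
const DigestSize = aes.BlockSize
// padMessage applies Merkle-Damgard strengthening: 0x80, zero fill, then the
// message bit length as a 64-bit big-endian integer, to a multiple of 16 bytes.
func padMessage(msg []byte) []byte {
	out := append([]byte{}, msg...)
	out = append(out, 0x80)
	for len(out)%DigestSize != DigestSize-8 {
		out = append(out, 0)
	}
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(msg))*8)
	return append(out, n[:]...)
}

// DaviesMeyerAES computes H_i = E_{M_i}(H_{i-1}) XOR H_{i-1}, using each 16-byte
// message block as an AES-128 key. Every block triggers a fresh key schedule
// (aes.NewCipher), which encryption modes run only once per key.
func DaviesMeyerAES(msg []byte) [DigestSize]byte {
	var h [DigestSize]byte // all-zero IV (a constructed choice for this example)
	padded := padMessage(msg)
	for off := 0; off < len(padded); off += DigestSize {
		c, err := aes.NewCipher(padded[off : off+DigestSize])
		if err != nil {
			panic(err) // unreachable: the key slice is always exactly 16 bytes
		}
		var enc [DigestSize]byte
		c.Encrypt(enc[:], h[:])
		for i := range h {
			h[i] ^= enc[i]
		}
	}
	return h
}

func main() {
	d := DaviesMeyerAES([]byte("constructed sample input"))
	fmt.Printf("%d-bit digest: %s\n", DigestSize*8, hex.EncodeToString(d[:]))
	fmt.Printf("birthday bound for collisions: about 2^%d work\n", DigestSize*4)
}
```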

