[8227] in cryptography@c2.net mail archive

Re: Re: migration paradigm (was: Is PGP broken?)

daemon@ATHENA.MIT.EDU (sao19677@terra.com.br)
Wed Dec 6 10:31:20 2000

From: sao19677@terra.com.br
Date: Wed, 6 Dec 2000 08:32:54 -0200
Message-Id: <200012061032.IAA24879@srv9-sao.sao.terra.com.br>
To: daw@mozart.cs.berkeley.edu, cryptography@c2.net,
        paulo.barreto@terra.com.br
MIME-Version: 1.0
Content-transfer-encoding: Quoted-Printable

David Wagner wrote:
> David Honig wrote:
> > Is there a reason not to use AES block cipher
> > in a hashing mode if you need a secure digest
> > of some data?
>
> Yes.  The standard hashing modes provide only
> 128-bit hash digests, and for long-term collision-
> resistance, we'd probably like longer outputs.
>
> Also, Rijndael has not been evaluated as thoroughly
> for security in hashing modes as it has for security
> in encryption modes.  Since hashing modes stress the
> key schedule much more than encryption modes, the
> level of assurance obtained may not be as high as
> one would like at present.

Besides, a dedicated hashing function is likely to be
considerably faster than a hashing mode (at least if
the underlying block cipher was not purposely designed
to operate within a hashing scheme). This may not be
desirable in many situations.

I've asked previously, but I hope it won't hurt asking
again. Has anyone compared the relative speeds of
(efficient implementations of) the SHA-2 functions and
Rijndael? Are there any figures available?

Cheers,

Paulo Barreto.


