[8247] in cryptography@c2.net mail archive

Re: migration paradigm (was: Is PGP broken?)

daemon@ATHENA.MIT.EDU (Paul Crowley)
Mon Dec 11 00:51:00 2000

To: Bram Cohen <bram@gawth.com>
Cc: cryptography@c2.net
From: Paul Crowley <paul@cluefactory.org.uk>
Date: 10 Dec 2000 14:32:34 +0000
In-Reply-To: Bram Cohen's message of "Fri, 8 Dec 2000 10:23:20 -0800 (PST)"
Message-ID: <87zoi4jqil.fsf@hedonism.subnet.hedonism.cluefactory.org.uk>

Bram Cohen <bram@gawth.com> writes:
> > Is there a reason not to use AES block cipher in a hashing mode
> > if you need a secure digest of some data? 
> 
> Hashing modes of block ciphers require a re-key for every block, and hence
> are really, really slow.

Well, Rijndael can re-key faster than it can encrypt, so it's less of
a problem than with other block ciphers.  Of course, there are not
unrelated worries that Rijndael's key schedule may not offer the
strength required for hashing modes, though the designers are
confident that the strength of the round function ensures everything
will be OK.
-- 
  __
\/ o\ paul@cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/

