[8626] in cryptography@c2.net mail archive
Re: secure hash modes for rijndael
daemon@ATHENA.MIT.EDU (Bram Cohen)
Sat Mar 31 16:41:59 2001
Date: Fri, 30 Mar 2001 20:12:56 -0800 (PST)
From: Bram Cohen <bram@gawth.com>
To: sao19677@terra.com.br
Cc: Crypto List <cryptography@wasabisystems.com>, People who supposedly write code <coderpunks@toad.com>
In-Reply-To: <200103301119.f2UBJCi30725@srv9-sao.sao.terra.com.br>
Message-ID: <Pine.LNX.4.21.0103302010080.31245-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 30 Mar 2001 sao19677@terra.com.br wrote:
> Why not use tandem or abreast Davies-Meyer, as
> is done with IDEA? These modes are designed for
> block ciphers whose key length is twice the block
> length -- certainly the case for AES-256 -- and
> generate hashes with twice the block length.
The one I gave has the same hash rate as those and uses plain old AES-128.
> I'm resisting the temptation to say that they were
> also more thoroughly analyzed (this should be the
> case because they are long known by now, but I'm not
> aware of any such analysis).
There doesn't appear to have been much study of how to construct secure
hash functions using block ciphers; Applied Cryptography mostly has a
list of things it tells you not to use.
> I have asked NIST's Jim Foti about this issue some
> time ago. Maybe it's a good idea to submit a public
> comment for NIST's modes of operation process, just
> in case...
I'd love to do that, but don't know how. Is it possible to do without an
academic affiliation?
-Bram Cohen
Soko! puzzle game - http://ch.havenco.com:4201/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com