secure hash modes for rijndael
John Kelsey
kelsey.j at ix.netcom.com
Mon Apr 2 22:08:45 EDT 2001
At 05:11 PM 4/2/01 -0400, Steven M. Bellovin wrote:
...
>I asked some NIST folks that question. Their answer was that they
>didn't have the resources to run two large, public efforts
>simultaneously. Hash functions induce much less public paranoia than
>do encryption algorithms; few people think that NSA wants to forge
>hashes.
The really weird part is, finding collisions in hash functions lets you do
much more interesting attacks than just reading someone's mail, but those
are attacks that you'd do to frame someone or steal money from them, not to
gather intelligence. By default, I guess NSA is more-or-less trusted with
the ability to steal lots of money, but not with the ability to eavesdrop
on everyone....
> --Steve Bellovin, http://www.research.att.com/~smb
--John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list