secure hash modes for rijndael
Bram Cohen
bram at gawth.com
Fri Mar 30 23:12:56 EST 2001
On Fri, 30 Mar 2001 sao19677 at terra.com.br wrote:
> Why not using tandem or abreast Davies-Meyer, as
> it is done with IDEA? These modes are designed for
> block ciphers whose key length is twice the block
> length -- certainly the case for AES-256 -- and
> generate hashes with twice the block length.
The one I gave has the same hash rate as those and uses plain old AES-128.
> I'm resisting the temptation to say that they were
> also more thoroughly analyzed (this should be the
> case because they are long known by now, but I'm not
> aware of any such analysis).
There doesn't appear to have been much study of how to construct secure
hash functions using block ciphers - applied cryptography mostly has a
list of things it tells you not to use.
> I have asked NIST's Jim Foti about this issue some
> time ago. Maybe it's a good idea to submit a public
> comment for NIST's modes of operation process, just
> in case...
I'd love to do that, but don't know how - is it possible to do without an
academic affiliation?
-Bram Cohen
Soko! puzzle game - http://ch.havenco.com:4201/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list