The Pure Crypto Project's Hash Function

Adam Shostack adam at homeport.org
Sat May 3 18:25:52 EDT 2003


On Sat, May 03, 2003 at 08:41:31PM +0200, Ralf Senderek wrote:
| On Sat, 3 May 2003, Adam Shostack wrote:
| 
| >
| > Do you want good, fast, and cheap, too?
| 
| good: YES, preferably the best.
| fast: MAYBE, if I'd sign my day's work I can wait the few seconds
|       PCP needs to sign my day's efforts
| cheap: NO, if I need cheap hashing I'd use PGP-2.6.3i or md5sum

You miss the reference:

"'Good, fast, cheap,' pick any two."

| > Small code is only useful for ease of review, and bug resistance.
| > However, code reuse also accomplishes those same goals.  There seems
| > to be a lot of audit work done on openssl, use their sha
| > implementation, or get NIST's.  You get a solid hash function, and the
| > important benefits of small code.
| 
| Small code? How many lines of C-code is sha-1 in openssl? Can you
| explain every single one to me with respect to its security?
| 
| These questions shall only shed some light on the problem that most of the
| crypto we are using every day is not really understandable for most
| of us. And in this respect, I think, the Pure Crypto Hash is a
| step forward.

Well, I don't agree.  It's a new hash function, and as such is far less
analyzed than SHA.  If I'm willing to just read, I can learn quite a
bit about SHA.  I have to invent new things to learn about your hash.

| And the original question was not why I am not willing to use sha1 but
| if the Pure Crypto Hash is secure. I really would like to know the
| list's assessment on this.

Seems pretty clear:  No, PCH is not secure, until you offer an
argument in its favor.  In the meantime, the list's assessment is that
we have not seen a good argument in favor of the new thing you
propose, and are happy with the tools we have, except we'd like them
to be faster.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
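[Editor's note: the following is an added example illustrating the "reuse an audited SHA implementation" advice in the message above. It is not code from this thread, from OpenSSL, or from the Pure Crypto Project. It assumes CPython's hashlib, which is normally backed by OpenSSL's SHA-1, and checks it against the published FIPS 180 SHA-1 example vectors; `toy_hash` is a hypothetical stand-in for an unanalyzed home-grown hash, included only to show that the same known-answer check rejects it.]

```python
"""Known-answer tests (KAT) for a reused SHA-1 implementation.

Added example, not part of the original mailing-list post.  The point made in
the thread is that a well-analyzed, widely audited hash (SHA-1 via OpenSSL or
NIST's reference code) is preferable to a new one.  The practical check when
you reuse such an implementation is not to re-read every line of its C, but to
confirm it reproduces the published test vectors.
"""
import hashlib
from typing import Callable, Iterable

HashFn = Callable[[bytes], str]  # message bytes -> lowercase hex digest

# Published FIPS 180 SHA-1 example vectors plus the empty message.  These hex
# digests are the standard reference values the implementation is checked against.
SHA1_KAT: dict[bytes, str] = {
    b"": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    b"abc": "a9993e364706816aba3e25717850c26c9cd0d89d",
    b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":
        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
    b"a" * 1_000_000: "34aa973cd4c4daa4f61eeb2bdbad27316534016f",
}


def openssl_sha1(msg: bytes) -> str:
    """SHA-1 via hashlib (assumption: this CPython build links OpenSSL)."""
    return hashlib.sha1(msg).hexdigest()


def streamed_sha1(chunks: Iterable[bytes]) -> str:
    """Incremental SHA-1 over chunks, e.g. a large file read block by block.

    Must yield the same digest as the one-shot call; the KAT below checks that
    for the 1-million-byte vector.
    """
    h = hashlib.sha1()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def chunked(data: bytes, size: int = 4096) -> Iterable[bytes]:
    """Split a byte string into fixed-size blocks (constructed input helper)."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def run_kat(hash_fn: HashFn, vectors: dict[bytes, str] = SHA1_KAT) -> list[bytes]:
    """Run the known-answer tests; return the messages whose digest mismatched.

    An empty list means every vector was reproduced.
    """
    return [msg for msg, want in vectors.items() if hash_fn(msg) != want]


def toy_hash(msg: bytes) -> str:
    """Hypothetical home-grown hash (NOT SHA-1, NOT secure).

    Exists only to demonstrate that the KAT rejects an implementation that does
    not compute the standard function, however plausible its 160-bit output looks.
    """
    acc = 0
    for b in msg:
        acc = (acc * 131 + b) & 0xFFFFFFFFFFFFFFFF  # 64-bit multiplicative mixing
    return f"{acc:040x}"  # zero-padded to 40 hex digits to mimic a SHA-1 digest


if __name__ == "__main__":
    print("openssl_sha1 KAT failures:", run_kat(openssl_sha1))   # expect []
    print("toy_hash KAT failures:", len(run_kat(toy_hash)))      # expect 4
    big = b"a" * 1_000_000
    print("streamed == one-shot:", streamed_sha1(chunked(big)) == SHA1_KAT[big])
```

The design choice worth noting: `run_kat` takes the hash as a parameter, so the same harness can be pointed at any candidate (OpenSSL's SHA-1, NIST's reference code wrapped in ctypes, or a new proposal). An implementation that passes the published vectors has at least demonstrated it computes the standard function; a new hash with no published vectors and no external analysis offers nothing comparable to check against, which is the gap the message above is pointing at.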



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com