The Pure Crypto Project's Hash Function

tom st denis tomstdenis at yahoo.com
Sat May 3 19:09:35 EDT 2003


--- Eric Murray <ericm at lne.com> wrote:
> On Sat, May 03, 2003 at 12:46:55PM -0400, Adam Shostack wrote:
> > On Sat, May 03, 2003 at 05:28:24PM +0200, Ralf Senderek wrote:
> > | On Sat, 3 May 2003, Rich Salz wrote:
> > | > Isn't it better to have clean implementations of known algorithms that
> > | > have been widely understood and studied by the cryptographic community?
> > | 
> > | > Smallest lines of code doesn't imply "most secure."
> > | > 	/r$
> > | 
> > | The goal is of course: "most secure" AND "most clear" AND "smallest code"
> > 
> > Do you want good, fast, and cheap, too?
> > 
> > I'd be much more comfortable with a standard hash function than one
> > designed in the hopes of reducing code size, for any project except
> > one where gate count matters.
> 
> This idea doesn't actually reduce code size.  Look at
> any software implementation of modexp or the libraries plus
> device drivers for any hardware modexp.  
> The code for a simple implementation of SHA1 is trivial
> in comparison to either of those.  But even the simplest
> bignum modexp isn't a trivial amount of code.

As the author of LibTomMath I have to disagree with this.  My modular
exponentiation routines are fairly simple and straightforward.  My
routines are based on a k-ary sliding window implemented as two
separate functions [one version uses Barrett reductions and the other
uses Montgomery or Diminished Radix reductions].

As quite a few people have observed [most notably Tom Wu of Arcot]
LibTomMath achieves exptmod throughputs of roughly 1/2 of GMP on an x86
platform with GCC 3.2.  That isn't bad for all ISO C source code [e.g.
no ASM optimizations].

If you understand how a k-ary algorithm works you shouldn't have much
difficulty following my code.  So I have to disagree with the statement :-)

My two cents on this whole thread...  Definitely modular, concise and
well organized code is a must for secure software.  It is, as others
pointed out, not a catalyst for secure software.  That is, just because
a weak cipher is clearly written doesn't mean it's not a weak cipher.

As to making their own hash I too would have to strongly disagree with
that.  You really ought to either design a cipher/hash or design a
cryptosystem.  You shouldn't do both at the same time because you are
bound to miss steps here and there.

Tom
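The k-ary sliding-window exponentiation with Barrett reduction that Tom describes, as an added illustration that is not LibTomMath's code: Python integers stand in for the bignum library, the window width `w`, the helper names and the reduction constant `mu` are this example's own choices, and it follows the radix-2 form of the textbook Barrett algorithm rather than LibTomMath's digit-based one.

```python
"""Added example: k-ary sliding-window exptmod with Barrett reduction.
Not LibTomMath code; Python ints play the role of the bignum library."""


def barrett_setup(m: int):
    """Precompute k = bit length of m and mu = floor(2^(2k) / m)."""
    k = m.bit_length()
    return k, (1 << (2 * k)) // m


def barrett_reduce(x: int, m: int, k: int, mu: int) -> int:
    """Reduce 0 <= x < m^2 mod m with shifts, multiplies and at most two
    subtractions (radix-2 form of HAC Algorithm 14.42)."""
    q = ((x >> (k - 1)) * mu) >> (k + 1)   # estimate of x // m, low by <= 2
    r = x - q * m
    while r >= m:
        r -= m
    return r


def sliding_window_exptmod(g: int, e: int, m: int, w: int = 5) -> int:
    """g^e mod m. Precompute the odd powers g^1, g^3, ..., g^(2^w - 1),
    then scan e from the top bit: square once per bit, and multiply by a
    table entry once per window of up to w bits that ends in a 1 bit."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    if m == 1:
        return 0
    k, mu = barrett_setup(m)

    def red(x: int) -> int:
        return barrett_reduce(x, m, k, mu)

    g = g % m
    g2 = red(g * g)
    table = {1: g}
    for i in range(3, 1 << w, 2):
        table[i] = red(table[i - 2] * g2)
    result, i = 1, e.bit_length() - 1
    while i >= 0:
        if not (e >> i) & 1:
            result = red(result * result)      # zero bit: square only
            i -= 1
            continue
        j = max(i - w + 1, 0)                  # widest window ending in a 1
        while not (e >> j) & 1:
            j += 1
        for _ in range(i - j + 1):
            result = red(result * result)
        result = red(result * table[(e >> j) & ((1 << (i - j + 1)) - 1)])
        i = j - 1
    return result
```

Comparing the result against Python's built-in `pow(g, e, m)` on a few large operands is the quickest sanity check.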

