The Pure Crypto Project's Hash Function

Ian Grigg iang at systemics.com
Sun May 4 11:25:27 EDT 2003


Ralf Senderek wrote:

> If there was a hash based on ModExp() with a long tradition of
> scrutiny like RSA for twenty years I surely would have taken it.

OK!

> I am not keen on inventing new things, but I don't accept that we
> leave the user alone with the complexity problem in a fatal dependence
> on code he has not even the chance to understand. And I don't mean
> sha1 in particular but the whole cryptosystem.

Right!  I concur with this frustration.  But, it is
real life;  next time you go over a bridge, pause
for a moment and wonder whether it is going to fall
down.  Well, of course it isn't, because it was built
not to ... by engineers who assumed the responsibility
of handling the complexity.

If you are not convinced, try this:  stand on the
bridge in a 120km wind whistling down the canyon,
and decide how many 60 tonne trucks are allowed
over...  Bridges have limits, and it really takes
a specialist - an engineer - to understand the
limits.

In crypto, we call people who understand the limits
of the algorithms 'cryptographers'.  Then there are
the software engineers, who read what the cryptographers
write, and then apply it in software.  I call those
latter 'cryptoplumbers'.  These guys know what a
protocol means, understand what is a real attack and
what is a theoretical attack, and put their names on
the line for users' safety.

There's a really big gulf between them.  Great
cryptoplumbers are not great cryptographers, and
the reverse is as generally true.  One can count
on one hand the number of people who can claim to
seriously contribute in both fields.  And, the
best contributions came from people who knew their
limits and didn't invent things outside those
limits.  Failed cryptosystems generally have the
characteristic that the guys who designed them
went across that border too blithely.

I really do feel the frustration, there are many
among us that have been working to get more crypto
to more users.  But, assuming away the complexity
is not the answer.  And, unless you are going to
spend the next 10 years in academia attacking
the last 200 years of algorithms, inventing your
own algorithm is not the answer either.

> Does the list know of any hash based on Modexp with a better reputation
> than mine, I'd be happy to know.

I suspect the answer to that is that Modexp doesn't
have the characteristics to make a good hash.

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com