Implementation choices in light of recent attacks?
bear
bear at sonic.net
Wed Sep 1 14:43:43 EDT 2004
On Wed, 1 Sep 2004, Jim McCoy wrote:
>After digesting the various bits of information and speculation on the
>recent breaks and partial attacks on various popular hash functions I
>am wondering if anyone has suggestions for implementation choices for
>someone needing a (hopefully) strong hash today, but who needs to keep
>the hash output size in the 128-192 bit range. A cursory examination
>of Tiger seems to indicate that it uses a different methodology than
>the MDx & SHAx lines, does this mean that it does not suffer from the
>recent hash attacks? Would a SHA256 that has its output chopped be
>sufficient?
>
>Any suggestions would be appreciated.
I believe that SHA256 with its output cut to 128 bits will be
effective. The simplest construction is to just throw away
half the bits.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list