Time for new hash standard
Ian Farquhar
ianf at dreamscape.com.au
Mon Sep 20 22:14:48 EDT 2004
At 05:43 AM 21/09/2004, Hal Finney wrote:
>I believe this is a MAC, despite the name. It seems to be easier to
>create secure MACs than secure hash functions, perhaps because there are
>no secrets in a hash, while in a MAC there is a secret key that makes
>the attacker's job harder.

Interestingly, a crypto-specialist from DSD (Australian NSA-equivalent)
said exactly this to me in 1997-1998. He called them "strange" functions
to design. I subsequently asked if they - which in the context meant the
tier one UKUSA agencies - had many hash functions developed for classified
uses. He indicated that they had quite a few MAC-style keyed functions,
but not many unkeyed hashes.

This was all over a lunch to discuss SENECA, Oz's VLSI proposal to replace
DES for sensitive-but-unclassified applications (64 bit keys, produced on
an otherwise moribund 1.5u fab in Sydney). SENECA lost funding, basically
due to internal politics and external commercial realities. I was trying
to get them to release the algorithm in SENECA publicly, knowing the
hardware implementation was failing in the marketplace, but was told it
wasn't going to happen as it incorporated design features that DSD
considered sensitive. The actual design came out of DSTO.

Ian.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com