Time for new hash standard

Damien Miller djm at mindrot.org
Tue Sep 21 02:42:37 EDT 2004


R. A. Hettinga wrote:

> Luckily, there are alternatives. The National Institute of Standards and
> Technology already has standards for longer - and harder to break - hash
> functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already
> government standards, and can already be used. This is a good stopgap, but
> I'd like to see more.

I haven't seen any discussion on constructions based on "universal
hashing", like the UHASH underlying UMAC[1]. Can any cryptographers
comment on this?

UMAC seems like a particularly nice MAC, because it is supposedly
provably-secure (to the extent that AES is) and benefits from hardware
speedups to AES.

-d

[1] http://www.cs.ucdavis.edu/~rogaway/umac/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


