Time for new hash standard

[Anton Stiglic]

I believe hash127 acts like an almost universal family of hash functions,
thus the word hash in it makes sense even though it is a MAC (but I might
not be recalling properly).

About MACs being easier to build, I agree it seems to be easier because of
the secret key involved.

If you don't like SHA1, I would suggest SHA-225/256/384/512, or something
based on a different design philosophy such as Tiger.  Another interesting
alternative is hash functions based on a block cipher such as AES.

--Anton

-----Original Message-----
From: owner-cryptography at metzdowd.com
[mailto:owner-cryptography at metzdowd.com] On Behalf Of "Hal Finney"
Sent: 20 septembre 2004 15:44
To: cryptography at metzdowd.com; nelson at crynwr.com
Subject: Re: Time for new hash standard

Bruce Schneier wrote:
>  Luckily, there are alternatives. The National Institute of Standards and
> Technology already has standards for longer - and harder to break - hash
> functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already
> government standards, and can already be used. This is a good stopgap, but
> I'd like to see more.

Russell Nelson suggested:
> http://cr.yp.to/antiforgery.html#hash127

I believe this is a MAC, despite the name.  It seems to be easier to
create secure MACs than secure hash functions, perhaps because there are
no secrets in a hash, while in a MAC there is a secret key that makes
the attacker's job harder.

Hal

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com