Schneier: SHA-1 has been broken - Time for a second thought about SDLH ?
Steven M. Bellovin
smb at cs.columbia.edu
Sun Mar 20 20:31:08 EST 2005
In message <Pine.LNX.4.58.0503140541090.3094 at safe.senderek.de>, Ralf Senderek w
rites:
>
>And that is why I ask to give the Shamir Discrete Logarithm Hash Funktion a se
>cond
>thought. At leeast we have a proof of collision resistance under the assumptio
>n
>that factoring is infeasible for the modulus used.
>
>And that it more than we ever had regarding the MD4 series.
>
>BTW, choosing the next generation hash function should - as I think - not be
>dominated by terms of performance. (i.e done in the olde fashion)
>
"Dominated"? No, of course not. But a hash function based on discrete
log will be slow enough that no one will use it.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list