Exponent 3 damage spreads...

Damien Miller djm at mindrot.org
Mon Sep 18 23:18:37 EDT 2006


On Fri, 15 Sep 2006, Jostein Tveit wrote:

> pgut001 at cs.auckland.ac.nz (Peter Gutmann) writes:
> 
> > What's more scary is that if anyone introduces a parameterised hash
> > (it's quite possible that this has already happened in some fields,
> > and with the current interest in randomised hashes it's only a
> > matter of time before we see these anyway) [...]
>
> Both Rivest and Shamir said that they want a parameterised hash
> according to Paul Hoffman's "Notes from the Hash Futures Panel".
> <URL: http://www.proper.com/lookit/hash-futures-panel-notes.html >

Having a standard parameterised hash function does not necessitate that
ASN.1 instances of their output have to be parameterised too. IMO it
would make more sense to pick a progression of sizes similar to
SHA{1,256,...}

-d


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


