[Cryptography] At what point should people not use TLS?

Tony Arcieri bascule at gmail.com
Tue Apr 12 13:05:25 EDT 2016


On Tue, Apr 12, 2016 at 2:22 AM, Ryan Carboni <ryacko at gmail.com> wrote:

> > Tiger: One of the few unbroken but time-tested hash functions, designed
> by Anderson and Biham [5] in 1996, Tiger is sometimes recommended as an
> alternative to MD4-like designs like SHA-1, especially because it is faster
> than SHA-1 on common platforms. Tiger is in practical use e.g., in
> decentralized file systems, or in many file sharing protocols and
> applications, often in a Merkle-tree construction (also known as TigerTree
> [3]). The best collision attack on Tiger is on 19 rounds [31].
>

The best attack on Tiger is a 22 round near-collision attack:

https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=20716

It's not in good shape and should not be used in new protocols.

-- 
Tony Arcieri