> Not so... the SHA family are all unbalanced Feistel structures. Sorry, I guess I am thinking of AES. I don't know where I got the "doesn't need to be invertible" bit, I must be conflating it with something else.
He should also take a look at OCB, CCM, and CBC-MAC modes. Perhaps he intends to hide the hash inside the encryption, in which case he might be better off doing authentication+encryption. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]