Yes, but is there any lower bound known? 2^(N-1)? Or worse? Clearly a hash with N-bit output that can't generate all 2^N values can never actually have N bits of entropy. Depending on how many forbidden values there are, this may or may not be significant. Of course if the forbidden values cannot be found, I'd agree with the "as good as".
On Mon, Jul 29, 2002 at 03:39:32PM +0000, David Wagner wrote: > >Do we even know that the popular hash functions can actually generate > >all 2^N values of their outputs? > > It seems very unlikely that they can generate all 2^N outputs > (under current knowledge). However, they satisfy the next-best > thing: their output appears to be indistinguishable from uniform to > computationally-bounded observers, hence it's "as good as" if they > could generate all 2^N outputs for most purposes. -- Barney Wolff I never met a computer I didn't like. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
