Amir Herzberg wrote: >But there's a big difference: the random oracle `assumption` is clearly not >valid for SHA-1 (or any other specific hash function).
Well, the random oracle model has problems, but I think those problems are a bit more subtle than just an assumption that is true or false. >So the question is again: what is an assumption which we can test SHA-1 >against, and which is sufficient to make the `entropy crunching alg` secure? Hmm; I thought I answered this before. Was it unclear? If so, please ask. In any case, here's a summary. In the standard model (without random oracles), there is *no* such assumption. There's no hope for finding such an assumption, if you want to build a general-purpose entropy cruncher that works for any distribution on the input samples. One can prove this. No matter what function you choose, there is an input distribution that makes this function inadequate. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]