On 7 July 2014 04:17, Joseph Bonneau <[email protected]> wrote: > So am I correct in reading that your main concern is that an attacker able > to do 2^80 work can't always find an 80-bit match (by which we mean any > desirable type of match that has a probability of 2^-80 of occurring by > chance)?
No, it's around what _type_ of match we generate for an attacker's fingerprint. Do we flip bits at random, or do we optimize for the encoded fingerprint type. The latter introduces a certain amount of subjectiveness. (It's quite objective if we do a fuzzy match based on phonetic differences, it's much-less-subjective-but-still-a-little-bit if we do a 'leading and trailing n bits' match). I argued strongly for full subjectivity, then went to random bit flips, and now I'm back to saying let's do something in-between. -tom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
