While it’s true that having an input value smaller than the hash length should, in theory, totally rule out collisions, is it really the case that a 400-bit input would constitute a realistic collision danger on modern hash functions with a 256-bit output hash length (to the extent of doubling the work a user has to do to authenticate)?
I’m not an expert on hash functions, maybe someone like Jean-Philippe Aumasson should be answering this.

Nadim
Sent from my computer

> On 27 Sep 2017, at 8:10 PM, Trevor Perrin <[email protected]> wrote:
>
> On Wed, Sep 27, 2017 at 6:01 PM, Vincent Breitmoser
> <[email protected]> wrote:
>>
>> Simply hashing all of the public keys and user ids together into one
>> Alice+Bob-specific safety number has none of these problems, yielding
>> the same 100 bits preimage attack scenario, in only half the digits.
>
> Hi Vincent,
>
> If you hash everything together you have to worry about
> collision-resistance, so you still need a similar-sized value (e.g.
> 200 bits).
>
> So that doesn't reduce the size, but that does lose the ability to
> extract out individual "fingerprints" from the safety number halves.
>
> Trevor
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
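Added example, not part of the original thread or of any project's code: a toy-sized measurement of why a single combined value needs roughly twice the bits of a per-key fingerprint. It assumes a hypothetical construction (SHA-256 over both length-prefixed id/key pairs, truncated) and a model in which substitute keys can be varied on both sides; all keys are constructed stand-ins.

```python
import hashlib
from itertools import count

def combined_number(key_shown_as_alice, key_shown_as_bob, bits):
    """Hypothetical combined value: SHA-256 over both length-prefixed
    (user id, public key) pairs, truncated to its top `bits` bits."""
    h = hashlib.sha256()
    for field in (b"alice", key_shown_as_alice, b"bob", key_shown_as_bob):
        h.update(len(field).to_bytes(2, "big") + field)
    return int.from_bytes(h.digest(), "big") >> (256 - bits)

def constructed_key(label, i=0):
    """Constructed 32-byte stand-in for a public key (not a real key)."""
    return hashlib.sha256(label + i.to_bytes(8, "big")).digest()

ALICE_KEY = constructed_key(b"alice-real")
BOB_KEY = constructed_key(b"bob-real")

def two_sided_match(bits):
    """Search for substitute keys k_b, k_a such that the value Alice computes
    (her key + k_b) equals the value Bob computes (k_a + his key).
    Neither value is fixed in advance, so work is about 2**(bits/2)."""
    alice_view, bob_view = {}, {}
    for i in count():
        k_b = constructed_key(b"shown-to-alice", i)
        n = combined_number(ALICE_KEY, k_b, bits)
        if n in bob_view:
            return k_b, bob_view[n], n, 2 * i + 1
        alice_view[n] = k_b
        k_a = constructed_key(b"shown-to-bob", i)
        n = combined_number(k_a, BOB_KEY, bits)
        if n in alice_view:
            return alice_view[n], k_a, n, 2 * i + 2
        bob_view[n] = k_a

def fixed_target_match(bits):
    """Search for one substitute key that reproduces the genuine value.
    The target is fixed, so expected work is about 2**bits."""
    target = combined_number(ALICE_KEY, BOB_KEY, bits)
    for i in count():
        k_a = constructed_key(b"shown-to-bob", i)
        if combined_number(k_a, BOB_KEY, bits) == target:
            return k_a, i + 1

if __name__ == "__main__":
    for bits in (8, 12, 16):
        *_, birthday = two_sided_match(bits)
        _, fixed = fixed_target_match(bits)
        print(f"{bits} bits: two-sided {birthday} trials, fixed target {fixed}")
```

The trial counts grow with the square root of the output space in the two-sided case and linearly in the fixed-target case, which is the gap between the 100-bit and 200-bit figures quoted in the thread.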
