Re: Re: IBM press release - encryption and authentication

2000-12-11 Thread sao19677

[EMAIL PROTECTED] wrote:
> > > The world is not so simple, not so black and white.
> > > For example, you're completely omitting any outside
> > > factors beyond the crypto algorithm itself.
> 
> > Such as...? (Please restrict your answer to topics
> > pertinent to this discussion list).
> 
> Oh come on.  The original statement assumes that the ONLY factor
> entering into the intellectual property decision is that of the
> cryptography itself.  That's ridiculous. Cost recovery, trading for
> rights to use something else, establishing credibility with venture
> capitalists, etc.  Yes, the net effect *might* be: everyone can use it,
> or everyone cannot use it, but to claim that as *the reason* is
> ridiculous.
> 
> I believe this explanation of the obvious is off-topic, and I won't
> discuss it further.
>   /r$

It's not obvious. Note that your reply did not
address or reference anything specific in the
commented-upon message. You might be talking about
anything -- possibly off-topic stuff.

Moreover, *is* it off-topic to discuss such aspects
of cryptographic technology deployment? [Making clear
what is under consideration undoubtedly helps.]

Paulo Barreto.


[I've filtered a lot of these messages so far.

I'm happy to see a discussion of patent issues and how they impact
cryptographic deployment, but I think the discussion so far has been
pretty uninteresting and largely has consisted of cliches. If people
want me to forward their messages about this, they're going to have to
say things that are a lot more interesting. --Perry]



Re: Re: migration paradigm (was: Is PGP broken?)

2000-12-06 Thread sao19677

David Wagner wrote:
> David Honig wrote:
> > Is there a reason not to use AES block cipher
> > in a hashing mode if you need a secure digest
> > of some data? 
> 
> Yes.  The standard hashing modes provide only
> 128-bit hash digests, and for long-term collision-
> resistance, we'd probably like longer outputs.
> 
> Also, Rijndael has not been evaluated as thoroughly
> for security in hashing modes as it has for security
> in encryption modes.  Since hashing modes stress the
> key schedule much more than encryption modes, the
> level of assurance obtained may not be as high as
> one would like at present.

Besides, a dedicated hashing function is likely to be
considerably faster than a hashing mode (at least if
the underlying block cipher was not purposely designed
to operate within a hashing scheme). This may not be
desirable in many situations.

I've asked previously, but I hope it won't hurt asking
again. Has anyone compared the relative speeds of
(efficient implementations of) the SHA-2 functions and
Rijndael? Are there any figures available?

Cheers,

Paulo Barreto.