Re: secure hash modes for rijndael

2001-04-05 Thread John Kelsey
At 09:53 AM 4/3/01 +0100, Pete Chown wrote: ... >Given the amount of analysis that has gone into AES, I think this hash >function probably has reasonable security. Interestingly there have >been far more successful attacks on hash functions than block ciphers. >Damaging attacks have been found o

Re: secure hash modes for rijndael

2001-04-03 Thread Pete Chown
Jeroen C. van Gelderen wrote: > Pete Chown wrote: > > On the subject of these hash functions... I looked at some benchmark > > figures and SHA-256 is not substantially faster than Rijndael-256 with > > Davies-Meyer. > Could you give a URL for the benchmarks you looked at? I used Brian Gladman

Re: secure hash modes for rijndael

2001-04-03 Thread John Kelsey
At 05:11 PM 4/2/01 -0400, Steven M. Bellovin wrote: ... >I asked some NIST folks that question. Their answer was that they >didn't have the resources to run two large, public efforts >simultaneously. Hash functions induce much less public paranoia than >do encryption algorithms; few people t

Re: secure hash modes for rijndael

2001-04-03 Thread Jeroen C. van Gelderen
Pete Chown wrote: [...] > On the subject of these hash functions... I looked at some benchmark > figures and SHA-256 is not substantially faster than Rijndael-256 with > Davies-Meyer. I wonder why there was so much energy put into the AES > process, and then SHA-256 was given to us by the NSA wi

Re: secure hash modes for rijndael

2001-04-02 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Pete Chown writes: >On the subject of these hash functions... I looked at some benchmark >figures and SHA-256 is not substantially faster than Rijndael-256 with >Davies-Meyer. I wonder why there was so much energy put into the AES >process, and then SHA-256 was g

Re: secure hash modes for rijndael

2001-04-02 Thread Pete Chown
Paulo S. L. M. Barreto wrote: > There are many hash constructions based on block ciphers with the same block > and key length; most are insecure. Matyas-Meyer-Oseas, Davies-Meyer, and > Miyaguchi-Preneel are three of the few so far unbroken constructions. See > either Schneier's "Applied Cryptogr

Re: secure hash modes for rijndael

2001-04-02 Thread John Kelsey
At 11:25 PM 3/29/01 -0800, Bram Cohen wrote: >sha-256 is ridiculously slow, so I've done some thinking about hash >modes for rijndael. >To begin with, there's the issue of padding - this can be done by >appending a 1 and then padding with zeros to the next mu

Re: secure hash modes for rijndael

2001-03-31 Thread Paulo S. L. M. Barreto
On Sat, 31 Mar 2001, Bram Cohen wrote: > On Fri, 30 Mar 2001, Pete Chown wrote: > > > Bram Cohen wrote: > > > > > It would be nice if there was an algorithm which used rijndael with 256 > > > bit blocks to produce a hash of 256 bits and had a hash rate of 1, but I > > > haven't been able to come

Re: secure hash modes for rijndael

2001-03-31 Thread Bram Cohen
On Fri, 30 Mar 2001 [EMAIL PROTECTED] wrote: > Why not use tandem or abreast Davies-Meyer, as > it is done with IDEA? These modes are designed for > block ciphers whose key length is twice the block > length -- certainly the case for AES-256 -- and > generate hashes with twice the block length.

Re: secure hash modes for rijndael

2001-03-31 Thread Pete Chown
Bram Cohen wrote: > It would be nice if there was an algorithm which used rijndael with 256 > bit blocks to produce a hash of 256 bits and had a hash rate of 1, but I > haven't been able to come up with one. Why not just use Matyas-Meyer-Oseas (or one of the variants) with 256-bit keys and block

Re: secure hash modes for rijndael

2001-03-31 Thread sao19677
Why not use tandem or abreast Davies-Meyer, as it is done with IDEA? These modes are designed for block ciphers whose key length is twice the block length -- certainly the case for AES-256 -- and generate hashes with twice the block length. I'm resisting the temptation to say that they were als

secure hash modes for rijndael

2001-03-31 Thread Bram Cohen
sha-256 is ridiculously slow, so I've done some thinking about hash modes for rijndael. To begin with, there's the issue of padding - this can be done by appending a 1 and then padding with zeros to the next multiple of a block size. If the data to be hashed is already a multiple of a block size