Re: TEA (was Re: filesystem encryption)


Perry E. Metzger (perry@piermont.com)
Tue, 30 Jun 1998 11:12:02 -0400


Alex Alten writes:
> >> No. Hashes do not have perfect random output. If you truncate the output
> >> you will introduce vulnerabilities not anticipated by the designer.
> >
> >I don't mean to be insulting here, really I don't, but quite frankly
> >you don't have any idea in hell what you are talking about. Even your
> >"explanation" here doesn't have any ring of reasonableness to it. Read
> >some of the literature on using hashes in message authentication codes
> >first, THEN talk.
> >
> >As I noted, if you aren't in a situation where birthday attacks are an
> >issue, some truncation can reduce vulnerability to attacks to
> >determine the key of the MAC.
> >
> >Before replying, please learn what I'm talking about FIRST.
>
> As part of my work I have cryptanalyzed several proprietary hashes
> and I've broken one.

Congratulations. Well, it appears that several people who actually do
know what they are talking about like Hugo Krawczyk seem to disagree
with you on this point, which in spite of your work you don't seem to
understand, so I can only conclude that you continue not to know what
you are talking about.

Remember, when you are using a hash as part of a MAC construction,
your worries are different from when you use a hash as part of a
signature algorithm.

In any case, might I suggest you begin by reading

 M. Bellare, R. Canetti, and H. Krawczyk,
 "Keyed Hash Functions and Message Authentication",
 Proceedings of Crypto'96, LNCS 1109, pp. 1-15.

 B. Preneel and P. van Oorschot, "Building fast MACs from hash
 functions", Advances in Cryptology -- CRYPTO'95 Proceedings,
 Lecture Notes in Computer Science, Springer-Verlag Vol.963,
 1995, pp. 1-14.

and perhaps go on from there.

Perry
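
The MAC truncation argued about in this message, as an added example that is not part of the original post: an HMAC tag is cut to its leftmost bytes, and the verifier fixes the tag length itself so a sender cannot shorten it. The function names are hypothetical, and the length floor (half the hash output, never under 80 bits) is taken from RFC 2104, which the thread does not cite.

```python
import hashlib
import hmac

MIN_TAG_BITS = 80  # absolute floor recommended in RFC 2104, section 5 (assumption: not from the thread)


def min_tag_bytes(digest: str) -> int:
    """Smallest tag length allowed here: half the hash output, and at least 80 bits."""
    return max(hashlib.new(digest).digest_size // 2, MIN_TAG_BITS // 8)


def truncated_hmac(key: bytes, msg: bytes, tag_bytes: int, digest: str = "sha256") -> bytes:
    """Return the leftmost tag_bytes of HMAC(key, msg), refusing out-of-range lengths."""
    full = hmac.new(key, msg, digest).digest()
    if not min_tag_bytes(digest) <= tag_bytes <= len(full):
        raise ValueError(f"tag length {tag_bytes} outside "
                         f"[{min_tag_bytes(digest)}, {len(full)}] for {digest}")
    # The verifier only ever sees this prefix, so less of the keyed hash
    # output is exposed, at the cost of a 2**-(8*tag_bytes) guessing chance.
    return full[:tag_bytes]


def verify(key: bytes, msg: bytes, tag: bytes, tag_bytes: int, digest: str = "sha256") -> bool:
    """Check a truncated tag. tag_bytes is a fixed protocol parameter and is
    never derived from len(tag), so a short tag cannot lower the bar."""
    expected = truncated_hmac(key, msg, tag_bytes, digest)
    # compare_digest is constant-time and returns False on a length mismatch.
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = bytes(range(32))                 # constructed sample key
    msg = b"constructed sample message"    # constructed sample input
    tag = truncated_hmac(key, msg, 16)     # 128-bit tag from HMAC-SHA-256
    print(tag.hex(), verify(key, msg, tag, 16))
    print(verify(key, msg, tag[:4], 16))   # shortened tag is rejected
```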



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:15 ADT