Re: TEA (was Re: filesystem encryption)

Perry E. Metzger (perry@piermont.com)
Tue, 30 Jun 1998 12:01:00 -0400

• Next message: Ernest Hua: "RE: Cryptoanalysis"
• Previous message: Alex Alten: "Re: TEA (was Re: filesystem encryption)"
• In reply to: Perry E. Metzger: "Re: TEA (was Re: filesystem encryption)"
• Next in thread: Stephen P. Gibbons: "Re: TEA (was Re: filesystem encryption)"

Alex Alten writes:
> >Well, it appears that several people who actually do
> >know what they are talking about like Hugo Krawczyk seems to disagree
> >with you on this point, which in spite of your work you don't seem to
> >understand, so I can only conclude that you continue not to know what
> >you are talking about.
>
> Perry every time I get into a tit-fot-tat with you I end up wasting
> my time.

As it stands, I've presented peer reviewed literature to back up my
point, and a reasonable rationale to back up my point (that, when used
as a MAC, a hash is subject to very different attack, and that
truncation increases attacker uncertainty, because multiple keys could
have produced the same truncated output -- for example, in using an
HMAC-SHA1-80 (that is, HMAC with SHA1 as the hash, truncated to 80
bits) we increase the attacker work factor by a factor of 2^80th,
which is not inconsiderable.

As it stands, you appear to be appealing to the notion that you have
"personally cryptanalyzed" lots of hashes and thus you know
better. You haven't presented an argument, however. You haven't even
shown that you know what a MAC is -- I haven't seen you use the word
once, or acknowledged that there might be a difference between a hash
when used in a signature algorithm and a hash when used as a MAC.

If you want to argue against peer reviewed literature on the basis
that "you know better", that's fine, but you should at least have a
solid explanation for why the argument you've been presented with
isn't true. The best you've done here is flail.

If you care to explain, in detail, why the argument given in the
papers I cited are wrong, or why the argument above is wrong, that's
fine. However, you haven't tried to do so thus far.

One wonders, therefore, who is wasting the time of the other here.

> Quit this nonsense of Hugo said this and Bart said that, it makes
> you sound like a damn novice.

I was under the impression that in most fields of science, citing peer
reviewed literature was considered a sound practice. Guess I should
just cite my navel staring instead, eh?

Perry

• Next message: Ernest Hua: "RE: Cryptoanalysis"
• Previous message: Alex Alten: "Re: TEA (was Re: filesystem encryption)"
• In reply to: Perry E. Metzger: "Re: TEA (was Re: filesystem encryption)"
• Next in thread: Stephen P. Gibbons: "Re: TEA (was Re: filesystem encryption)"