home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!wupost!cs.utexas.edu!sun-barr!olivea!bu.edu!transfer!ellisun.sw.stratus.com!cme
- From: cme@ellisun.sw.stratus.com (Carl Ellison)
- Newsgroups: sci.crypt
- Subject: quality of hash (was: SHS/SHA source code...)
- Keywords: SHS SHA message digest
- Message-ID: <6169@transfer.stratus.com>
- Date: 4 Sep 92 14:20:36 GMT
- References: <1992Sep4.060230.28313@cs.aukuni.ac.nz>
- Sender: usenet@transfer.stratus.com
- Organization: Stratus Computer, Software Engineering
- Lines: 27
-
- In article <1992Sep4.060230.28313@cs.aukuni.ac.nz> Peter Gutmann (pgut1@cs.aukuni.ac.nz) writes:
- [...]
- >This means that
- >instead of reusing the input data in each group of rounds, SHA uses different
- >permutations of the input data in each group of rounds. This is definitely A
- >Good Thing.
- [...]
- >Which is stronger, MD5 with its improved bit-bashing or SHA with it's 'expand'
- >transformation? (Ain't no way I'm going to answer this one :-).
-
- I'm not writing to flame Peter. This is a genuine question for me.
-
-
- How do we know A Good Thing when we see it?
-
- We know that hash functions are supposed to be 1-way.
-
- Does anyone have a function for evaluating how much more an algorithm
- approaches 1-way if you add this additional round or some other feature?
- [If not, we're in danger of throwing in complications because they look
- complex to us -- not because we know they do any good.]
-
- What would be the units of such a function? ...bits of Entropy? (probably not)
- My favorite units would be: power [as in m of O(k^m)] of the minimum
- (space&time) algorithm in P which could find collisions. However, I'm told
- that no one is capable of finding m from an algorithm description. [I'm
- embarrassingly weak in complexity theory.]
-