Steven M. Bellovin
Sun, 20 Mar 2005 20:24:10 -0800
In message <[EMAIL PROTECTED]>, Ralf Senderek w rites: > >And that is why I ask to give the Shamir Discrete Logarithm Hash Funktion a se >cond >thought. At leeast we have a proof of collision resistance under the assumptio >n >that factoring is infeasible for the modulus used. > >And that it more than we ever had regarding the MD4 series. > >BTW, choosing the next generation hash function should - as I think - not be >dominated by terms of performance. (i.e done in the olde fashion) >
"Dominated"? No, of course not. But a hash function based on discrete
log will be slow enough that no one will use it.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]