David Honig  wrote:
>Is there a reason not to use AES block cipher in a hashing mode
>if you need a secure digest of some data? 

Yes.  The standard hashing modes provide only 128-bit hash digests, and
for long-term collision-resistance, we'd probably like longer outputs.

Also, Rijndael has not been evaluated as thoroughly for security in
hashing modes as it has for security in encryption modes.  Since hashing
modes stress the key schedule much more than encryption modes, the level
of assurance obtained may not be as high as one would like at present.

Reply via email to