David Honig wrote:
>Is there a reason not to use AES block cipher in a hashing mode
>if you need a secure digest of some data?

Yes. The standard hashing modes provide only 128-bit hash digests, and for long-term collision-resistance, we'd probably like longer outputs.

Also, Rijndael has not been evaluated as thoroughly for security in hashing modes as it has for security in encryption modes. Since hashing modes stress the key schedule much more than encryption modes, the level of assurance obtained may not be as high as one would like at present.