Enzo Michelangeli wrote: >Anyway, the intended use is for primary keys in transaction databases, in >replacement of the PAN (a.k.a. credit card number). Using secure hashes is >the usual way of doing such things, but the slight risk of collision, >although practically negligible, is a bit irksome (especially considering >that the plaintext is of fixed size, and therefore injectivity is not a >priori impossible), and I was wondering if something better can be done.
I'd ignore the risk. If you've got a 160-bit hash function (and you probably should), then the risk of a collision is truly negligible. If you try to come up with some fancy alternative, there will be a greater risk that the fancy alternative is insecure than the risk that you ever experience a collision in SHA. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
