On Wed, 1 Sep 2004, Jim McCoy wrote:
>After digesting the various bits of information and speculation on the >recent breaks and partial attacks on various popular hash functions I >am wondering if anyone has suggestions for implementation choices for >someone needing a (hopefully) strong hash today, but who needs to keep >the hash output size in the 128-192 bit range. A cursory examination >of Tiger seems to indicate that it uses a different methodology than >the MDx & SHAx lines, does this mean that it does not suffer from the >recent hash attacks? Would a SHA256 that has its output chopped be >sufficient? > >Any suggestions would be appreciated. I believe that SHA256 with its output cut to 128 bits will be effective. The simplest construction is to just throw away half the bits. Bear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]