On 1/10/06, Ian G <[EMAIL PROTECTED]> wrote:
> 2. DSA has a problem, it relies on a 160
> bit hash, which is for most purposes the
> SHA-1 hash. Upgrading the crypto to cope
> with current hash circumstances is not
> worthwhile; we currently are waiting on
> NIST to lead review in hashes so as to
> craft a new generation.

What's wrong with SHA-256 and SHA-512?

http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf

I agree though that hashes (I hate the term, hashing has little to do with creating OWFs) are not as advanced as block cipher design, and 160 bits seems rather small, but surely SHA-256 would be better than throwing one's hands up, claiming it's unsolvable, and sticking with SHA-1, right?

If the problem is size, the answer is there. If the problem is structural, a temporary answer is there.

Using two structurally different hashes seems like a grand idea for collision resistance, but bad for one-wayness. One-wayness seems to matter for message encryption, but doesn't seem to matter for signing public keys - or am I missing something?

--
"If I could remember the names of these particles, I'd have been a botanist" -- Enrico Fermi -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
