On 14/10/10 3:56 PM, Zooko O'Whielacronx wrote:
> In any case, I'm pretty sure that as a *user* of hash functions what I
> care about is "more likely to fail" (and efficiency), not about "bits
> of security" for any bit-level greater than about 128 (including
> consideration of quantum attacks, multi-target attacks, etc.)

Yes. This was something I was trying to get at with Pareto-secure:
http://iang.org/papers/pareto-secure.html

There is a point beyond which all efforts are theoretical, and deliver
zero practical benefit. We could probably argue this is at 128 bits.
Beyond that, we're likely doing ourselves damage, because we're
distracting from the true issues. By far the majority (99.99%) of
problems lie outside the issues of strong cryptographic algorithms. If
we spend time on them, to the distraction of our clear and present
dangers, we're now practicing cryptographic numerology.
http://financialcryptography.com/mt/archives/001286.html

It's fun, it looks great to the media, it impresses the masses. As
Peter says, it's a fashion statement.

But security, it ain't.

iang
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography