On Fri, 30 Mar 2001 [EMAIL PROTECTED] wrote:
> Why not use tandem or abreast Davies-Meyer, as
> it is done with IDEA? These modes are designed for
> block ciphers whose key length is twice the block
> length -- certainly the case for AES-256 -- and
> generate hashes with twice the block length.
The one I gave has the same hash rate as those and uses plain old AES-128.
> I'm resisting the temptation to say that they were
> also more thoroughly analyzed (this should be the
> case because they are long known by now, but I'm not
> aware of any such analysis).
There doesn't appear to have been much study of how to construct secure
hash functions using block ciphers - Applied Cryptography mostly has a
list of things it tells you not to use.
> I have asked NIST's Jim Foti about this issue some
> time ago. Maybe it's a good idea to submit a public
> comment for NIST's modes of operation process, just
> in case...
I'd love to do that, but don't know how - is it possible to do without an
academic affiliation?
-Bram Cohen
Soko! puzzle game - http://ch.havenco.com:4201/
---------------------------------------------------------------------
The Cryptography Mailing List