Any time estimates for SHA1 or SHA2 attacks?
 Alex
 Original Message 
From: [EMAIL PROTECTED]
To: cryptography@metzdowd.com
Subject: Tunnels in Hash Functions: MD5 Collisions in 40 seconds
Date: Sat, 18 Mar 2006 18:05:40 +0100 (CET)
Congratulations to Marc Stevens, who
 Anyone see a reason why the digits of Pi wouldn't form an excellent
 public large (infinite, actually) string of random bits?

 There's even an efficient digitextraction (a/k/a random access to
 fractional bits) formula, conveniently base 16:
 http://mathworld.wolfram.com/BBPFormula.html
Unfortunately, they haven't. In Europe I get receipts with different
crossingout patterns almost every week.
And, with they I mean the builders of pointofsale terminals: I
don't think individual store owners are given a choice.
Though I believe I have noticed a good trend in that I
Gutterman, Pinkas, and Reinman have produced a nice asbuiltspecification and
analysis of the Linux random number generator.
From http://eprint.iacr.org/2006/086.pdf:
Following our analysis of the LRNG, we suggest the following recommendations
for the design of pseudorandom number
From: [EMAIL PROTECTED]
Sent: Mar 21, 2006 9:58 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: pipad, was Re: bounded storage model  why is R organized as
2d array?
...
 Anyone see a reason why the digits of Pi wouldn't form an excellent
 public
Hi,
Does anyone have a good idea on how to OWF passphrases without
reducing them to lower entropy counts? That is, I've seen systems
which hash the passphrase then use a PRF to expand the result  I
don't want to do that. I want to have more than 160 bits of entropy
involved.
I was thinking