[13172] in cryptography@c2.net mail archive
Re: The Pure Crypto Project's Hash Function
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Sat May 3 17:02:56 2003
X-Original-To: cryptography@metzdowd.com
To: Ralf Senderek <ralf@senderek.de>
Cc: Adam Shostack <adam@homeport.org>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 03 May 2003 13:21:14 -0700
In-Reply-To: <Pine.LNX.4.31.0305032020480.2631-100000@safe.senderek.de>

Ralf Senderek <ralf@senderek.de> writes:
> On Sat, 3 May 2003, Adam Shostack wrote:
> > Small code is only useful for ease of review, and bug resistance.
> > However, code reuse also accomplishes those same goals. There seems
> > to be a lot of audit work done on openssl, use their sha
> > implementation, or get NIST's. You get a solid hash function, and the
> > important benefits of small code.
>
> Small code? How many lines of C-code is sha-1 in openssl? Can you
> explain every single one to me with respect to its security?

Can you explain every single line of the modular exponentiation
routine you're using? Every single line of the compiler you're
using to compile the code?

> These questions shall only shed some light on the problem that most of the
> crypto we are using every day is not really understandable for most
> of us. And in this respect, I think, the Pure Crypto Hash is a
> step forward.

Why? The amount of math you would need to demonstrate the security
or insecurity of your hash algorithm is incredibly prohibitive,
and vastly larger than the amount of effort required to analyze the
C code in SHA-1.

-Ekr
--
[Eric Rescorla ekr@rtfm.com]
Web Log: http://www.rtfm.com/movabletype
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com