[13308] in cryptography@c2.net mail archive
Re: Modulo based hash functions [was: The Pure Crypto Project's Hash Function]
daemon@ATHENA.MIT.EDU (David Wagner)
Fri May 16 18:14:11 2003
X-Original-To: cryptography@metzdowd.com
X-Envelope-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 16 May 2003 20:12:27 GMT
X-Complaints-To: news@abraham.cs.berkeley.edu
These number-theoretic hash functions are arguably a lousy choice
for general-purpose use. Sure, those hashes may be one-way and
collision-resistant, but these days, we expect more than just one-wayness
and collision-resistance: we often expect the hash to behave like a
"random function". Number-theoretic hashes usually don't satisfy
this property, and thus run the risk of creating bad interactions
between the number-theoretic hash and the number-theoretic public-key
encryption/signature scheme. For all these reasons, I prefer SHA1 for
general-purpose use over number-theoretic schemes.
---------------------------------------------------------------------
The Cryptography Mailing List
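An added illustration, not part of the message above and not the Pure Crypto Project's hash: a toy modular-exponentiation hash is multiplicative, so signatures made with textbook RSA over it can be combined into a valid signature on a message that was never signed, while the same check fails with SHA1. The hash `G^m mod N`, the shared modulus, the unpadded RSA and all parameters and messages are assumptions constructed for this example.

```python
import hashlib

# Constructed toy parameters (assumptions for this example, far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1          # two Mersenne primes
N = P * Q                            # RSA modulus, also used as the hash modulus
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
G = 3                                # base of the toy number-theoretic hash

def modexp_hash(m: int) -> int:
    """Toy number-theoretic hash (hypothetical): H(m) = G^m mod N."""
    return pow(G, m, N)

def sha1_hash(m: int) -> int:
    """SHA1 of the message bytes, reduced into the signing domain."""
    data = m.to_bytes((m.bit_length() + 7) // 8 or 1, "big")
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % N

def sign(h: int) -> int:
    """Textbook (unpadded) RSA signature on a hash value."""
    return pow(h, D, N)

def verify(h: int, sig: int) -> bool:
    return pow(sig, E, N) == h

def is_multiplicative(hash_fn, a: int, b: int) -> bool:
    """A random function would satisfy H(a+b) = H(a)*H(b) only by chance."""
    return hash_fn(a + b) == hash_fn(a) * hash_fn(b) % N

def product_signature_verifies(hash_fn, a: int, b: int) -> bool:
    """Does sig(a)*sig(b) mod N verify for a+b, a message that was never signed?"""
    combined = sign(hash_fn(a)) * sign(hash_fn(b)) % N
    return verify(hash_fn(a + b), combined)

# Constructed sample messages, encoded as integers.
A = int.from_bytes(b"pay 10", "big")
B = int.from_bytes(b"pay 20", "big")

if __name__ == "__main__":
    for name, fn in (("modexp", modexp_hash), ("sha1", sha1_hash)):
        print(name,
              "multiplicative:", is_multiplicative(fn, A, B),
              "| product of signatures verifies:",
              product_signature_verifies(fn, A, B))
```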