[149116] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[Cryptography] Pre-image security of SHA-256 reduced to 16 rounds

daemon@ATHENA.MIT.EDU (Sergio Lerner)
Mon Jan 20 11:03:52 2014

X-Original-To: cryptography@metzdowd.com
Date: Sun, 19 Jan 2014 10:37:17 -0300
From: Sergio Lerner <sergiolerner@pentatek.com>
To: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

I'm working in a password hashing construction (RandMemoHash, see
http://bitslog.wordpress.com/2013/12/31/strict-memory-hard-hash-functions/).

I need the fastest possible crypto "hash" function, even if breaking
pre-image resistance requires about 2^32 operations. Collision
resistance is unimportant. This is because the algorithm will repeatedly
apply the reduced round hash function, so at the end, enough rounds will
be applied.
My first choice is SHA-256 with 16 rounds (out of 64). I want to find
the best pre-image attack  that requires little memory.
I searched for information on papers but all I found is attacks against
36 and more rounds.

Any idea?

Thanks,
 Sergio.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[149116] in cryptography@c2.net mail archive

[Cryptography] Pre-image security of SHA-256 reduced to 16 rounds

daemon@ATHENA.MIT.EDU (Sergio Lerner)Mon Jan 20 11:03:52 2014

daemon@ATHENA.MIT.EDU (Sergio Lerner)
Mon Jan 20 11:03:52 2014