Re: truncated hashes

New Message Reply About this list Date view Thread view Subject view Author view

Adam Shostack (adam@homeport.org)
Tue, 30 Jun 1998 08:18:19 -0400 (EDT)


Greg Rose wrote:
| If you do, indeed, want to truncate a hash, it is better to fold in the
| excess bits with an XOR instead of just dropping them; while this doesn't
| change the brute-force complexity, it defeats some amount of
| precomputation, and if the hash has some kinds of faults (eg. COMP128 I
| think) it can actually defend against the reversal.

        Folding in the final bits also prevents people from
optimmizing out any part of the final round, which is sometimes a
useful optimization of an attack.

        As Perry points out, this is really only useful in the case of
very low security applications, where a break is expected in other
ways. I've used folded hashes for licensing applications, where the
expected break is not in the hash, but changing around the if
statements around the licensing. Using a shorter hash makes it easier
to do tech support, since you're reading off smaller strings of data.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:14 ADT