Perry E. Metzger (perry@piermont.com)
Tue, 30 Jun 1998 09:25:19 -0400
Alex Alten writes:
> >I'm actually under the impression that using a truncated hash output
> >in lieu of the hash produces a more secure result under many
> >circumstances.
>
> No. Hashes do not have perfect random output. If you truncate the output
> you will introduce vulnerabilities not anticipated by the designer.

I don't mean to be insulting here, really I don't, but quite frankly
you don't have any idea in hell what you are talking about. Even your
"explanation" here doesn't have any ring of reasonableness to it. Read
some of the literature on using hashes in message authentication codes
first, THEN talk.

As I noted, if you aren't in a situation where birthday attacks are an
issue, some truncation can reduce vulnerability to attacks to
determine the key of the MAC.

Before replying, please learn what I'm talking about FIRST.

Perry
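
What the truncation discussed in this message looks like in practice, as an added example that is not part of the original post: an HMAC tag cut to its leftmost bytes and checked in constant time against a length the verifier fixes. The function names, key and message are constructed for illustration, and the length floor is the recommendation in RFC 2104 section 5.

```python
import hashlib
import hmac


def min_tag_len(digest_name: str) -> int:
    """Shortest tag (bytes) allowed here: the RFC 2104 section 5 floor of
    half the hash output, and never under 80 bits."""
    return max(hashlib.new(digest_name).digest_size // 2, 10)


def truncated_tag(key: bytes, msg: bytes, tag_len: int,
                  digest_name: str = "sha1") -> bytes:
    """HMAC over msg, keeping only the leftmost tag_len bytes."""
    full = hmac.new(key, msg, digest_name).digest()
    if not min_tag_len(digest_name) <= tag_len <= len(full):
        raise ValueError(f"tag length {tag_len} outside allowed range")
    # The remaining bytes of the MAC output are never sent, so an
    # observer of the traffic never sees them.
    return full[:tag_len]


def verify(key: bytes, msg: bytes, tag: bytes, tag_len: int,
           digest_name: str = "sha1") -> bool:
    """Check a received tag against a length fixed by the verifier."""
    # The length is local policy, not taken from the message: otherwise
    # a sender could pick a shorter tag that is easier to guess.
    if len(tag) != tag_len:
        return False
    expected = truncated_tag(key, msg, tag_len, digest_name)
    return hmac.compare_digest(expected, tag)  # constant-time compare


if __name__ == "__main__":
    key = bytes(range(20))             # constructed sample key
    msg = b"constructed sample message"
    tag = truncated_tag(key, msg, 12)  # 96 of SHA-1's 160 bits
    print(tag.hex(), verify(key, msg, tag, 12))
    print(verify(key, msg + b"!", tag, 12))   # altered message
    print(verify(key, msg, tag[:10], 12))     # shortened tag
```
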
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:15 ADT