Re: truncated hashes and MACs

New Message Reply About this list Date view Thread view Subject view Author view

bram (bram@gawth.com)
Wed, 1 Jul 1998 11:48:44 -0700 (PDT)


On Wed, 1 Jul 1998, Lewis McCarthy wrote:

> bram writes regarding RFC 2104:
> >
> > > These properties, and actually stronger ones, are commonly assumed for
> > > hash functions of the kind used with HMAC.
> >
> > Notice the word 'assume'. Cryptographers aren't normally in the business
> > of assuming.
>
> I'm not sure what point you were making here.

If it said 'only use hashes which were designed to have these properties'
that would make a lot more sense. It's justified from design criteria
about everything except truncation.

Now if someone were to say 'we assume it is computationally intractable to
find two bitstrings each of which starts with the hash of the other', I'd
say that's completely justified. There are sort of implied properties of
hashes which are hard to formulate, but truncation properties aren't one
of them.

-Bram


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:03 ADT