Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)

Anonymous (nobody@replay.com)
Sat, 10 Oct 1998 05:13:17 +0200

• Next message: Lucky Green: "RE: ECC and timing attacks"
• Previous message: Sunder: "Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)"
• In reply to: Rick Campbell: "Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)"

I think he's talking about how much you can strip down the function before
it loses its avalanche properties.

In response to Keith's original post:

I really don't think this is a good way to evaluate an algorithm. It's
more of an intelligent way to count an algorithm's rounds than a new
measure of its security.

It's already a common practice to look at the security of stripped-down
versions of algorithms, which is much more useful than just looking at the
avalanche; it's trivial to make a hash function with very "deep" avalanche
which cryptographers would immediately find weak. In addition, defining
the metric itself can become tricky when the function's structure doesn't
allow a simple stripping-down.

If you're looking for something to guide your choice of hash function,
listen to some experts' opinions or get the all the info necessary to take
a good, deep look at the question yourself. Metrics like that just don't
work for measuring algorithm security.

• Next message: Lucky Green: "RE: ECC and timing attacks"
• Previous message: Sunder: "Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)"
• In reply to: Rick Campbell: "Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)"