Subject: Re: AES as a hash function?
From: Paulo S. L. M. Barreto (paulo.barreto terra.com.br)
Date: Mon Oct 02 2000 - 18:37:52 CDT
- Next message: Paulo S. L. M. Barreto: "Re: AES winner?"
- Previous message: Paulo S. L. M. Barreto: "Re: AES as a hash function?"
- In reply to: Bram Cohen: "AES as a hash function?"
- Next in thread: David Wagner: "Re: AES as a hash function?"
- Reply: Paulo S. L. M. Barreto: "Re: AES as a hash function?"

On Mon, 02 Oct 2000, Bram Cohen wrote:
> The announcement didn't mention Rijndael's applicability as a hash
> function. I think I remember mention in earlier AES documents that it
> should be resistant to 'related key attacks' and thus usable as a hash
> function in some specific mode, whose name I have forgotten.

Rijndael *is* resistant against related-key attacks. The 9-round attack by the
fishing team does not extend to more rounds (it is only applicable to 256-bit
keys, for which the specified number of rounds is 14).

I've touched the subject of hashing function modes of operation twice in the
NIST forum. One was months ago; the other was Saturday, as a comment to the
newly available paper by Helger Lipmaa and David Wagner on counter mode.

As for the hash size, remember that Rijndael supports 192-bit and 256-bit blocks
(though I don't know if NIST will keep this extension); using tandem
or abreast Davies-Meyer with these sizes gives 384-bit and 512-bit hashes.

Cheers,

Paulo.