September 24, 2004
For those of you who haven't been following the latest developments in cryptography, hash functions have recently suffered badly from a new attack called the Joux attack. It makes hash collisions easier to find, and, to cut a long story short, makes the current crop of hash functions only half as strong as we thought they were. So, for example, an MD5 hash has 128 bits ... but the Joux attack lets you find collisions as if it had only 64 bits. (More or less. I'm simplifying greatly.) The long and the short of it is that cryptographers need to use stronger hash functions.

Which brings us to Whirlpool. (http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html). Whirlpool is a hash function which produces 512 bits of hash, which sounds good enough for me. Anyone fancy adding an implementation of this to D's growing hash suite?

Arcane Jill

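As an added illustration (not code from the original post or from D's hash suite), here is the multicollision construction behind the Joux attack, run on a constructed toy Merkle-Damgård hash whose chaining value is only 16 bits so the birthday searches finish instantly; the toy compression function, its 4-byte block size and the IVs 0 and 0xBEEF are assumptions for the demo. It shows why k chained birthday searches buy 2^k messages with the same hash, and why concatenating two such hashes (the cascade case Joux analysed) adds far less collision resistance than the combined output length suggests.

```python
import hashlib
import itertools

STATE_BITS = 16   # toy chaining-value width (constructed; real hashes use 128+ bits)
BLOCK = 4         # bytes per message block in the toy hash

def compress(state, block):
    """Toy compression function: (16-bit state, 4-byte block) -> new 16-bit state."""
    digest = hashlib.sha256(state.to_bytes(2, "big") + block).digest()
    return int.from_bytes(digest[:2], "big")

def toy_hash(message, iv=0):
    """Merkle-Damgard iteration; message length must be a multiple of BLOCK (no padding)."""
    state = iv
    for i in range(0, len(message), BLOCK):
        state = compress(state, message[i:i + BLOCK])
    return state

def find_block_collision(state):
    """Birthday search (~2^(n/2) calls): two distinct blocks taking state to the same output."""
    seen = {}
    for n in itertools.count():
        block = n.to_bytes(BLOCK, "big")
        out = compress(state, block)
        if out in seen:
            return seen[out], block, out
        seen[out] = block

def joux_multicollision(k, iv=0):
    """k chained birthday searches (k * 2^(n/2) work) give 2^k messages with one hash value."""
    state, pairs = iv, []
    for _ in range(k):
        b1, b2, state = find_block_collision(state)   # both blocks map state -> next state
        pairs.append((b1, b2))
    messages = [b"".join(choice) for choice in itertools.product(*pairs)]
    return messages, state

def cascade_collision(k=12, iv2=0xBEEF):
    """Joux's cascade result: H1(m)||H2(m) costs little more to break than H2 alone.
    The 2^k H1-multicollision (iv 0) supplies 2^k messages to birthday-search H2 (iv2)."""
    messages, _ = joux_multicollision(k)
    seen = {}
    for m in messages:
        h2 = toy_hash(m, iv2)
        if h2 in seen:
            return seen[h2], m   # collides under both H1 and H2
        seen[h2] = m
    return None
```

With k=12 the cascade search has 4096 candidates against a 16-bit second hash, so a collision is found with overwhelming probability for a total of roughly 12 * 2^8 + 2^12 compression calls rather than the 2^16 a 32-bit concatenated output would naively promise.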

October 16, 2004
Arcane Jill wrote:
> For those of you who haven't been following the latest developments in
> cryptography, hash functions have recently suffered badly from a new attack
> called the Joux attack. It makes hash collisions easier to find, and, to cut a
> long story short, makes the current crop of hash functions only half as strong
> as we thought they were. So, for example, an MD5 hash has 128 bits ... but the
> Joux attack lets you find collisions as if it had only 64 bits. (More or less.
> I'm simplifying greatly). The long and the short of it is that cryptographers
> need to use stronger hash functions.
> 
> Which brings us to Whirlpool.
> (http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html).
> Whirlpool is a hash function which produces 512 bits of hash, which sounds good
> enough for me. Anyone fancy adding an implementation of this to D's growing hash
> suite?
> 
> Arcane Jill

(Sorry about the bump)

I would like to point out that the length of the hash has nothing to do with its strength. MD4 is also a 128 bit hash, yet vastly weaker than its cousin MD5. It's about how the hashes are constructed. The advantage of Whirlpool/Tiger etc. is that they are based (iirc) on different primitives than MD/SHA-family hashes. They're also less common, so less (open) cryptanalysis research is done on them, which can be both a good thing and a bad thing.

Cheers,
Sigbjørn Lund Olsen