<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: 'Hans Steegers' <steegers,AT,steegers,DOT,nl>
Subject: RE: Data integrity check in CIPE - Please explain me the necessityor benefit of a larger checksum.
From: Тарасов Андрей Андреевич <admin,AT,perm,DOT,vtb,DOT,ru>
Date: Mon, 29 Sep 2003 16:59:02 +0600
Cc: CIPE-list <cipe-l,AT,inka,DOT,de>

> 2. We need HMAC for a lighter (less cpu-demanding) message 
> digest of say 64
> bits.
> Using SHA-1 and use only a small part of its output is 
> overkill, a waste of
> CPU-time and would make CIPE unusable on slow CPUs and/or fast media.
> There must be a (cpu-wise) lighter (faster) solution 
> available which also
> provides the required protection. We need this protection for 
> a maximum of
> the dynamic key's life time. Any ideas?
> 
IMHO:
Don't think that slowing down throughput less than 2 times is a real issue.
Although if using SHA-1 makes it more than 2 times slower, we may use, for
example, another blowfish key (generated and distributed exactly under the
same conditions as the main key), then reduce it to 32, 64, or even 1 bit
via xor operation. 

As far as I know, if F(X) is strong enough, then hash H(X) made of F() as
xoring parts of F()'s output is strong enough.

Correct me or ignore me if I'm wrong :)


<< | Thread Index | >> ]    [ << | Date Index | >> ]