'Hans Steegers' <steegers,AT,steegers,DOT,nl>|
RE: Data integrity check in CIPE - Please explain me the necessityor benefit of a larger checksum.|
Тарасов Андрей Андреевич <admin,AT,perm,DOT,vtb,DOT,ru>|
Mon, 29 Sep 2003 16:59:02 +0600|
> 2. We need HMAC for a lighter (less cpu-demanding) message
> digest of say 64
> Using SHA-1 and use only a small part of its output is
> overkill, a waste of
> CPU-time and would make CIPE unusable on slow CPUs and/or fast media.
> There must be a (cpu-wise) lighter (faster) solution
> available which also
> provides the required protection. We need this protection for
> a maximum of
> the dynamic key's life time. Any ideas?
Don't think that slowing down throughput less than 2 times is a real issue.
Although if using SHA-1 makes it more than 2 times slower, we may use, for
example, another blowfish key (generated and distributed exactly under the
same conditions as the main key), then reduce it to 32, 64, or even 1 bit
via xor operation.
As far as I know, if F(X) is strong enough, then hash H(X) made of F() as
xoring parts of F()'s output is strong enough.
Correct me or ignore me if I'm wrong :)