
To: Allan Latham <alatham,AT,flexsys-group,DOT,com>,cipe-l,AT,inka,DOT,de
Subject: Re: Simple steps to improve CIPE security
From: Wolfgang Walter <ml-cipe,AT,studentenwerk,DOT,mhn,DOT,de>
Date: Tue, 30 Sep 2003 17:00:11 +0200
In-reply-to: <200309301521.48890.alatham@flexsys-group.com>
Organization: Studentenwerk München
References: <E1A2bsS-00033q-00@bigred.inka.de> <1064926850.31285.588.camel@monster.omnifarious.org> <200309301521.48890.alatham@flexsys-group.com>

On Tuesday, 30 September 2003 15:21, Allan Latham wrote:
> Hi all
> MD5 is mature and well researched. Perfect it isn't, but I think we can say
> that the likelihood is that gross errors which would limit its usefulness
> in our application do not exist in it.
> This is not the case of hash127. Until this has been scrutinized by those
> much cleverer than me I would prefer to leave it alone.
> It will not be possible to use a keyed hash without new key material -
> using the static or dynamic key is not safe. That in turn means
> modifications to the KX mechanism which I would want to avoid at this
> stage.
> Best regards
> Allan

Strongly universal hash functions are well researched. They were already 
developed in the late 70s by Carter and Wegman. They are hash functions 
with certain mathematical properties which can be proven. Bernstein proves 
this for his hash127 function.

Their security (for authentication and integrity) is then unconditional. That 
is to say, its cryptographic security depends only on the pseudo-random generator 
used, i.e. if you use AES: the MAC is cryptographically broken if and only if 
AES is broken. If AES is broken you can still use hash127 but with another 
cipher as pseudo-random generator.

Wolfgang Walter
Studentenwerk München
Institution under public law (Anstalt des öffentlichen Rechts)
Leopoldstraße 15
80802 München
Tel: +49 89 38196 276
Fax: +49 89 38196 144
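The construction Wolfgang describes, written out as an added example (this is not CIPE code, not Bernstein's hash127, and not anything posted in the thread): a polynomial universal hash over GF(2^127 - 1), the field hash127 works in, one-time-padded with the output of a pluggable pseudo-random function, i.e. a Wegman-Carter MAC. Assumptions are mine: Python's standard library has no AES, so HMAC-SHA256 and keyed BLAKE2b stand in for the cipher, and the message-to-field-element encoding, the key split into a hash key r and a PRF key k, and all function names are illustrative. The block also checks the provable part of the claim on a toy prime by counting, over every possible r, how often two fixed messages collide (never more than the polynomial degree), and shows the one failure mode the padding construction has regardless of cipher: a reused nonce cancels the pad and exposes the difference of two hashes.

```python
"""Wegman-Carter MAC: polynomial universal hash over GF(2**127 - 1), one-time-padded
by a pluggable PRF.  Added example; not CIPE code and not Bernstein's hash127."""
import hashlib
import hmac
import secrets
from typing import Callable, Sequence

P127 = (1 << 127) - 1  # Mersenne prime, the field hash127 uses


def encode_message(data: bytes) -> list:
    """Injective map bytes -> field elements: [byte length, 32-bit words of the
    zero-padded data].  The leading length keeps b'\\x01' and b'\\x01\\x00' distinct."""
    padded = data + b"\x00" * (-len(data) % 4)
    words = [int.from_bytes(padded[i:i + 4], "big") for i in range(0, len(padded), 4)]
    return [len(data)] + words


def poly_hash(coeffs: Sequence[int], r: int, p: int = P127) -> int:
    """Horner evaluation of c_0*r^n + c_1*r^(n-1) + ... + c_n mod p.  For two distinct
    coefficient lists the difference is a nonzero polynomial of degree <= n, so a
    uniformly random r makes them collide with probability at most n/p (Carter-Wegman)."""
    acc = 0
    for c in coeffs:
        if not 0 <= c < p:
            raise ValueError("coefficient outside the field")
        acc = (acc * r + c) % p
    return acc


def collision_count(c1: Sequence[int], c2: Sequence[int], p: int) -> int:
    """Count the keys r in GF(p) for which two coefficient lists collide.
    Exhaustive, so only for a toy prime; it makes the n/p bound visible."""
    return sum(poly_hash(c1, r, p) == poly_hash(c2, r, p) for r in range(p))


# The "pseudo-random generator" of the message, as a pluggable function of
# (key, nonce).  Two stdlib keyed hashes stand in for AES (assumption: no AES
# in the stdlib).  Nothing else in the MAC depends on which one is used.
PRF = Callable[[bytes, bytes], bytes]


def prf_hmac_sha256(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()


def prf_blake2b(key: bytes, nonce: bytes) -> bytes:
    return hashlib.blake2b(nonce, key=key, digest_size=32).digest()


def wc_tag(r: int, prf_key: bytes, nonce: bytes, data: bytes,
           prf: PRF = prf_hmac_sha256) -> int:
    """tag = h_r(data) + F_k(nonce) mod p.  Reducing a 256-bit PRF output mod p
    is within 2^-129 of uniform, so the pad hides h_r(data) while nonces are fresh."""
    pad = int.from_bytes(prf(prf_key, nonce), "big") % P127
    return (poly_hash(encode_message(data), r) + pad) % P127


def wc_verify(r: int, prf_key: bytes, nonce: bytes, data: bytes, tag: int,
              prf: PRF = prf_hmac_sha256) -> bool:
    if not 0 <= tag < P127:          # reject anything that is not a field element
        return False
    expected = wc_tag(r, prf_key, nonce, data, prf).to_bytes(16, "big")
    return hmac.compare_digest(expected, tag.to_bytes(16, "big"))


def nonce_reuse_exposes_hash(r: int, prf_key: bytes, nonce: bytes, m1: bytes, m2: bytes,
                             prf: PRF = prf_hmac_sha256) -> bool:
    """Failure mode independent of the cipher: with one nonce used twice the pads
    cancel, so tag1 - tag2 equals h_r(m1) - h_r(m2), a polynomial equation in r
    that an attacker can solve (the solving step is not shown here)."""
    d_tags = (wc_tag(r, prf_key, nonce, m1, prf) - wc_tag(r, prf_key, nonce, m2, prf)) % P127
    d_hash = (poly_hash(encode_message(m1), r) - poly_hash(encode_message(m2), r)) % P127
    return d_tags == d_hash


def keygen():
    """Two independent keys: r uniform in GF(p) for the hash, k for the PRF."""
    return secrets.randbelow(P127), secrets.token_bytes(32)


if __name__ == "__main__":
    r, k = keygen()
    nonce = (1).to_bytes(8, "big")
    msg = b"constructed sample payload"
    t = wc_tag(r, k, nonce, msg)
    print("verify:", wc_verify(r, k, nonce, msg, t))
    print("tampered:", wc_verify(r, k, nonce, msg + b"!", t))
    # Same hash and hash key, different PRF: only the pad generator changes.
    t2 = wc_tag(r, k, nonce, msg, prf_blake2b)
    print("blake2b verify:", wc_verify(r, k, nonce, msg, t2, prf_blake2b))
    # Toy field GF(8191): two 3-word messages collide for at most 3 of 8191 keys.
    print("collisions:", collision_count([3, 1, 2, 3], [3, 4, 5, 6], 8191), "of 8191")
    print("nonce reuse leaks hash difference:", nonce_reuse_exposes_hash(r, k, nonce, b"a", b"bb"))
```

The `collision_count` check is what "can be proven" means in practice: for the two 3-word messages above the difference polynomial is -3(r^2 + r + 1), which has exactly two roots in GF(8191), so two of the 8191 keys collide, inside the degree bound of three, and this holds for any choice of the two messages. Swapping `prf_hmac_sha256` for `prf_blake2b` changes nothing in the hash or its key, which is the sense in which the MAC stands or falls with the pseudo-random generator alone. The nonce must still be unique per tag; that requirement is part of the construction, not of the cipher.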
