thank you for this input. I will research it some more before coming to a
final opinion on MD5. It can wait a little while.
Can anyone add to this please?
On Tuesday 30 September 2003 17:00, Wolfgang Walter wrote:
> On Tuesday, 30 September 2003 15:21, Allan Latham wrote:
> > Hi all
> > MD5 is mature and well researched. Perfect it isn't, but I think we can
> > say that the likelihood is that gross errors which would limit its
> > usefulness in our application do not exist in it.
> > This is not the case of hash127. Until this has been scrutinized by those
> > much cleverer than me I would prefer to leave it alone.
> > It will not be possible to use a keyed hash without new key material -
> > using the static or dynamic key is not safe. That in turn means
> > modifications to the KX mechanism which I would want to avoid at this
> > stage.
> > Best regards
> > Allan
> Strongly universal hash functions are well researched. They have been
> developed already in the late 70s by Carter and Wegman. They are hash
> functions with certain mathematical properties which can be proved.
> Bernstein proves this for his hash127 function.
> Their security (for authentication and integrity) then is unconditional.
> That is, its cryptographic security only depends on the
> pseudo-random-generator used, i.e. if you use AES: The MAC is
> cryptographically broken if and only if AES is broken. If AES is broken you
> can still use hash127 but with another cipher as pseudo-random-generator.
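The construction Wolfgang describes, a universal hash whose output is masked with a fresh pad from a pseudo-random generator, as an added example that is not code from this thread or from Bernstein's hash127. It assumes a polynomial hash over the same prime field 2^127-1 that hash127 uses, and substitutes HMAC-SHA256 for the AES generator named above because the Python standard library ships no AES; the `derive_hash_key`, `pad_for`, `mac` and `verify` names are this example's own.

```python
import hashlib
import hmac
import struct

# Constructed example: Wegman-Carter MAC = universal hash + one-time pad.
P = (1 << 127) - 1          # prime modulus; hash127 evaluates over the same field


def poly_hash(k: int, msg: bytes) -> int:
    """Polynomial universal hash over GF(P).

    The message is split into 32-bit little-endian words (zero-padded) and its
    byte length is appended as a final coefficient, so messages of different
    lengths never share a coefficient vector.  For a uniformly random secret k,
    two distinct messages of at most n words collide with probability at most
    (n + 1) / P: the bound that makes the scheme's security "unconditional"
    apart from the generator supplying k and the pads.
    """
    padded = msg + b"\x00" * (-len(msg) % 4)
    coeffs = list(struct.unpack("<%dI" % (len(padded) // 4), padded))
    coeffs.append(len(msg))
    h = 0
    for c in coeffs:              # Horner evaluation of sum c_i * k^(n-i) mod P
        h = (h * k + c) % P
    return h


def derive_hash_key(key: bytes) -> int:
    """Secret hash key k, derived once from the long-term key.
    Assumption: HMAC-SHA256 stands in for the AES-based generator in the thread."""
    return int.from_bytes(hmac.new(key, b"hash-key", hashlib.sha256).digest(), "big") % P


def pad_for(key: bytes, nonce: int) -> int:
    """One-time pad for the message numbered `nonce`.  A pad must never be
    reused across messages; the per-message nonce is what keeps it fresh."""
    block = hmac.new(key, struct.pack("<Q", nonce), hashlib.sha256).digest()[:16]
    return int.from_bytes(block, "big") % P     # bias from reducing mod P is negligible


def mac(key: bytes, nonce: int, msg: bytes) -> bytes:
    """Wegman-Carter tag: h_k(msg) + F_K(nonce) mod P, encoded as 16 bytes."""
    tag = (poly_hash(derive_hash_key(key), msg) + pad_for(key, nonce)) % P
    return tag.to_bytes(16, "big")


def verify(key: bytes, nonce: int, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac(key, nonce, msg), tag)
```

Breaking the generator (here HMAC-SHA256, in the thread AES) is the only way to predict a pad; swapping the generator leaves `poly_hash` and its collision bound untouched, which is the point Wolfgang makes about replacing the cipher.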