Re: A basic question about hashing

From: Tom St Denis (
Date: 09/07/04

Date: Tue, 07 Sep 2004 02:34:29 GMT

Undisclosed wrote:
> so, Tom, if you were picking hashes that you would expect to last the
> longest against cryptanalysis advances and that have undergone serious
> analysis already, what would you pick?

Depends on the length of the hash required. For simplicity I'd simply
recommend WHIRLPOOL as a good choice.

> what exactly do DMWT and WHIRLPOOL entail, and are they reviewed very
> well yet?

WHIRLPOOL is essentially AES with a 64-byte block. It runs decently
fast on 64-bit processors.

DMWT is my design [based on my FPHT research]. of the two I would
recommend WHIRLPOOL solely because it has had more cryptanalysis.

If you need serious speed a good compromise is Tiger/192. It's a UFN as
well but the mixing function is less "simple" [uses 8x64 sboxes...]. It
also produces a 192-bit output. So in applications that use SHA-1 it's
a good replacement. If you need longer hashes just use WHIRLPOOL and
truncated it to the desired length.