Re: Using MGF1 for key generation

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 08/01/05 

Date: Mon, 1 Aug 2005 17:51:01 +0000 (UTC)

Joseph Ashwood wrote:
>Generaly advice at this point is that MGF1 (based on SHA-1) should not be
>used for new designs due to the recent breaks in SHA-1,

Hmm. I guess I hadn't heard that one. Is there any justification?
My sense is that you shouldn't use SHA1 in new systems for its
collision-resistance, but it is fine to use SHA1-HMAC for its properties
as a pseudorandom function.

Relevant Pages

  • Re: Using MGF1 for key generation
    ... > Hmm. ... Is there any justification? ... my reasons for doing this are that as SHA-1 usefulness ... SHA-1 with it's arguable security. ...
    (sci.crypt)
  • Re: Schneiers "Helix" cipher is remarkably similar to the "generic feistel cipher&qu
    ... There are many customers who want custom cipher designs. ... One way is to replace the SHA-1 hash input data schedule ... "random" or "key-dependent" mixer. ...
    (sci.crypt)
  • Re: Fixed site width vs. dynamic: what is good web design?
    ... There are very few designs that *require* fixed ... Hmm, hmm, hmm. ... That *is* the point--authors are advised to design their pages to take best advantage of whatever viewport resolution and dimensions the user finds convenient to work with--not whatever resolution and dimensions some user finds *inconvenient* to work with but for some self-spiting reason chooses not to adjust to his own liking. ...
    (alt.html)
  • Re: Paging Champ
    ... Hmm, this judgement might have been overturned by now I suppose. ... What possible justification is there for that? ... car rolls into the side of you because it was parked on a hill & the ...
    (uk.rec.motorcycles)
  • Re: British Trident programme dead?
    ... Thing is, those physics packages get smaller all the time, and ... designs for the WE177B, so even if something better could be designed ... Hmm ... ... of the buggers when it went bang. ...
    (sci.military.naval)