Secure 128-bit hash?
- From: Mike Amling <nospam@xxxxxxxxxx>
- Date: 21 Sep 2006 13:47:17 EDT
With the decline in MD5, is there an unbroken 128-bit hash left? One with no faster way to find a collision than birthday attack?
If not, why not take the Whirlpool design, namely Merkle-Damgard using Miyaguchi-Preneel hash compression with a wide-trail cipher, and shrink it to 128 bits by substituting AES/Rijndael for the Whirlpool block cipher? Define it as
m=input message
m_i, for i from 1 to n, is m padded with (a 1 bit, as many zero bits as necessary to get the length up to 64 modulo 128, and a 64-bit number of bits in m), broken up into n 128-bit blocks, where n is ceiling((number of bits in m + 1 + 64)/128)
H_0=128 zero bits
H_i=AES(H_(i-1), m_i) XOR H_(i-1) XOR m_i, for i from 1 to n, where AES(x,y) is the AES encryption of plaintext y using key x
Hash output is H_n.
--Mike Amling
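The construction proposed above, written out as an added example (this is not code from the original post): the post's padding rule, the Miyaguchi-Preneel step with the chaining value used as the AES-128 key, and the Merkle-Damgard iteration from H_0 = 0. Input is assumed to be byte-aligned, so the leading 1 bit of the padding is the byte 0x80.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Pad appends a 1 bit, zero bits until the length is 64 mod 128, then the
// 64-bit big-endian bit length of m (byte-aligned input assumed, so 0x80).
func Pad(m []byte) []byte {
	bitLen := uint64(len(m)) * 8
	out := append([]byte{}, m...)
	out = append(out, 0x80)
	for len(out)%16 != 8 {
		out = append(out, 0x00)
	}
	var l [8]byte
	binary.BigEndian.PutUint64(l[:], bitLen)
	return append(out, l[:]...)
}

// Compress is the Miyaguchi-Preneel step from the post:
// H_i = AES(H_{i-1}, m_i) XOR H_{i-1} XOR m_i, with H_{i-1} as the key.
func Compress(h, block []byte) []byte {
	c, err := aes.NewCipher(h) // 16-byte chaining value -> AES-128 key
	if err != nil {
		panic(err)
	}
	out := make([]byte, 16)
	c.Encrypt(out, block)
	for i := range out {
		out[i] ^= h[i] ^ block[i]
	}
	return out
}

// Hash iterates Compress over the padded 128-bit blocks starting from H_0 = 0.
func Hash(m []byte) []byte {
	h := make([]byte, 16)
	p := Pad(m)
	for i := 0; i < len(p); i += 16 {
		h = Compress(h, p[i:i+16])
	}
	return h
}

func main() {
	fmt.Println(hex.EncodeToString(Hash([]byte("abc"))))
}
```

Compress can be checked against the FIPS-197 AES-128 test vector: with key 000102...0f and plaintext 00112233...ff the ciphertext is 69c4e0d8...5a, so the compression output is that ciphertext XOR key XOR plaintext.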