Re: Salsa20 hashing



Scott Contini <the_great_contini@xxxxxxxxx> wrote:
> Salsa20 does not compress: the output size is the same as the input.

Correct. But there are many safe ways to build a reasonably fast
compression function from Salsa20. For example, here's Rumba20: compress
a 1536-bit string partitioned as (m_1,m_2,m_3,m_4) to the 512-bit string
Salsa20(c_1,m_1) + Salsa20(c_2,m_2) + Salsa20(c_3,m_3) + Salsa20(c_4,m_4)
where each c_i is a new standard 128-bit constant placed on the diagonal
and chosen as discussed in ``Salsa20 security,'' Section 4, ``Notes on
the diagonal constants.'' Feed the final 512-bit output through Salsa20
again; truncate to 256 bits; you have a SHA-256 replacement.

---D. J. Bernstein, Professor, Mathematics, Statistics,
and Computer Science, University of Illinois at Chicago
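
The construction described in the message above, as an added Python sketch that is not code from the post or from its author. Assumptions: the `c_i` values are constructed placeholders (the post does not give them), "+" is read as word-wise addition mod 2^32, the final step applies the plain Salsa20 hash function to all 64 bytes, and the names `salsa20_keyed`, `rumba20_compress` and `finalize` are hypothetical.

```python
import struct

MASK = 0xffffffff

def rotl(x, n):
    return ((x << n) & MASK) | (x >> (32 - n))

def quarterround(y0, y1, y2, y3):
    y1 ^= rotl((y0 + y3) & MASK, 7)
    y2 ^= rotl((y1 + y0) & MASK, 9)
    y3 ^= rotl((y2 + y1) & MASK, 13)
    y0 ^= rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3

# Word indices for the column round, then the row round (Salsa20 specification).
COLS = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11)]
ROWS = [(0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]

def salsa20_core(x):
    """Salsa20 hash function on 16 32-bit words: x + doubleround^10(x)."""
    z = list(x)
    for _ in range(10):
        for a, b, c, d in COLS + ROWS:
            z[a], z[b], z[c], z[d] = quarterround(z[a], z[b], z[c], z[d])
    return [(xi + zi) & MASK for xi, zi in zip(x, z)]

# Constructed placeholders, NOT real Rumba20 constants: the post only says each
# c_i is a distinct 128-bit constant placed on the diagonal.
CONSTANTS = [struct.unpack("<4I", b"placeholder c_%d!" % i) for i in (1, 2, 3, 4)]

def salsa20_keyed(c, m):
    """Salsa20(c, m): c on diagonal words 0, 5, 10, 15; 384-bit m in the other 12."""
    diag, words = iter(c), iter(struct.unpack("<12I", m))
    return salsa20_core([next(diag) if i % 5 == 0 else next(words) for i in range(16)])

def rumba20_compress(block, constants=CONSTANTS):
    """1536 bits -> 512 bits; '+' is assumed to be word-wise addition mod 2^32."""
    if len(block) != 192:
        raise ValueError("block must be 1536 bits (192 bytes)")
    acc = [0] * 16
    for i, c in enumerate(constants):
        out = salsa20_keyed(c, block[48 * i:48 * (i + 1)])
        acc = [(a + o) & MASK for a, o in zip(acc, out)]
    return struct.pack("<16I", *acc)

def finalize(h):
    """Last step in the post: Salsa20 once more, then truncate to 256 bits."""
    return struct.pack("<16I", *salsa20_core(struct.unpack("<16I", h)))[:32]
```

Passing the same constant four times makes the sum independent of the order of the `m_i`, which is one visible reason each lane gets its own `c_i`.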