Talk:One-way compression function
Attack on Davies-Meyer
Ok, the merge of several other articles into this one is done, sort of. There is some more information in the old Davies-Meyer article about an attack that I did not merge since I did not understand it. If I just cut and paste that paragraph it will make even less sense, since it depends on the notation established further up in the old article and I have changed that notation in this article. So for now I left the old Davies-Meyer article as it is (not turned it into a redirect). I left a note about it and a link to it in the Davies-Meyer section of this article. I hope someone can make sense of it and rewrite it properly and merge it some day. --David Göthberg 06:05, 28 January 2006 (UTC)
Comparisons?
I'm curious if one of these methods is preferred to another in general, or under certain circumstances. Are there certain applications where one method is more appropriate than another? 150.135.65.20 19:05, 30 January 2006 (UTC)
- Well, I am not a crypto analyst but my gut feeling is that of the three methods described in the article so far the last one (Miyaguchi-Preneel) is the most secure.
- However, a slight modification of it might be twice as fast in some cases and perhaps about as secure. Many block cryptos today take keys twice the size of their block size, say 256-bit keys and 128-bit block size. So instead doing it like in Davies-Meyer would be twice as fast. That is, to feed the message blocks (m) as keys (256 bits at a time) and the previous hash (H) as cleartext to be encrypted. But you could still XOR in both m and H onto the output like in Miyaguchi-Preneel since that seems more robust than Davies-Meyer.
- But note that many cryptos only have a 64-bit block size and with the methods so far described in the article thus only produce 64-bit hashes, which is far too short to be secure for most needs. Also note that even 128-bit hashes (produced by 128-bit block cryptos) might be too short to be fully secure. Thankfully there are methods to make for instance 256-bit hashes out of block cryptos that have a block size of 128 bits. Two such methods are MDC-2 and MDC-4. MDC-4 seems to be the most secure of all methods I have seen so far but also the slowest. We will probably add those methods to the article some day. (Much work to be done...)
- If you don't want to wait until we have added MDC-2 and MDC-4 to the article you can read about them in the Handbook of Applied Cryptography. You can follow that link and freely and legally download the book as PDF files! Chapter 9, page 342 describes MDC-2 and MDC-4 in detail.
- --David Göthberg 10:07, 2 February 2006 (UTC)
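To make the three constructions discussed above concrete, here is an added worked example; it is not from the article and not from either commenter. It implements Davies-Meyer, Matyas-Meyer-Oseas and Miyaguchi-Preneel as compression functions, iterates them Merkle-Damgård style over a padded message, and adds one reading of the "wide key" variant suggested above (256-bit message block as the key, chaining value as the plaintext, both XORed onto the output). The block cipher is a toy 128-bit Feistel network keyed through SHA-256, a stand-in chosen here so the code runs offline; it is not a cipher anyone should use, and the way the 32-byte block is folded to 16 bytes in the variant is my own assumption. The example also shows one well-known structural property of Davies-Meyer that a reviewer of these constructions would want to see: a chaining value h = D_m(0) is a fixed point of the compression function, which is one reason the iteration needs length padding and why the output XOR of H in Miyaguchi-Preneel is appealing (whether this is the attack the old article described is not something this page says).

```python
import hashlib

BLOCK = 16        # 128-bit block, as in the 128-bit block cipher example above
HALF = BLOCK // 2
ROUNDS = 8        # toy cipher only; constructed for this example


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: SHA-256 over (key, round index, half block), truncated.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit Feistel cipher standing in for a real block cipher (any key length)."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, xor(left, _round_fn(key, rnd, right))
    return left + right


def decrypt(key: bytes, block: bytes) -> bytes:
    """Exact inverse of encrypt: the same rounds, walked backwards."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = xor(right, _round_fn(key, rnd, left)), left
    return left + right


# The three compression functions from the article, with E_k(x) = encrypt(k, x).
def davies_meyer(h: bytes, m: bytes) -> bytes:
    # H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}
    return xor(encrypt(m, h), h)


def matyas_meyer_oseas(h: bytes, m: bytes) -> bytes:
    # H_i = E_{g(H_{i-1})}(m_i) XOR m_i ; g is the identity here (toy cipher takes any key)
    return xor(encrypt(h, m), m)


def miyaguchi_preneel(h: bytes, m: bytes) -> bytes:
    # H_i = E_{g(H_{i-1})}(m_i) XOR m_i XOR H_{i-1}
    return xor(xor(encrypt(h, m), m), h)


def wide_key_variant(h: bytes, m: bytes) -> bytes:
    """One reading of the variant suggested in the discussion: a 256-bit message block
    is the key, the chaining value is the plaintext, and both m and H are XORed onto
    the output. Folding the 32-byte block to 16 bytes by XORing its halves is an
    assumption made for this example, not part of the suggestion."""
    assert len(m) == 2 * BLOCK
    folded = xor(m[:BLOCK], m[BLOCK:])
    return xor(xor(encrypt(m, h), h), folded)


def hash_md(msg: bytes, comp, chunk: int = BLOCK, iv: bytes = bytes(BLOCK)) -> bytes:
    """Merkle-Damgard iteration with length strengthening: 0x80, zeros, 64-bit bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % chunk)
    padded += (len(msg) * 8).to_bytes(8, "big")
    h = iv
    for i in range(0, len(padded), chunk):
        h = comp(h, padded[i:i + chunk])
    return h


def davies_meyer_fixed_point(m: bytes) -> bytes:
    """For any block m, h = D_m(0) satisfies E_m(h) = 0, so davies_meyer(h, m) == h.
    This is the well-known fixed-point property of Davies-Meyer."""
    return decrypt(m, bytes(BLOCK))


if __name__ == "__main__":
    # Constructed sample input for the example.
    msg = b"constructed sample message for the talk page example"
    for name, comp, size in [("Davies-Meyer", davies_meyer, BLOCK),
                             ("Matyas-Meyer-Oseas", matyas_meyer_oseas, BLOCK),
                             ("Miyaguchi-Preneel", miyaguchi_preneel, BLOCK),
                             ("wide-key variant", wide_key_variant, 2 * BLOCK)]:
        print(f"{name:20s} {hash_md(msg, comp, size).hex()}")
    m = b"sixteen byte msg"
    h0 = davies_meyer_fixed_point(m)
    print("Davies-Meyer fixed point holds:", davies_meyer(h0, m) == h0)
```

The wide-key variant is iterated with 32-byte chunks, so it consumes twice as much message per cipher call as the other three, which is the speed argument made above; the example says nothing about whether it is as secure, only shows how the pieces fit together.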
- Thanks a lot! --JeffryJohnston 00:36, 3 February 2006 (UTC)