william(at)elan.net wrote:
<ot>
[...].
me wonders how many are on this list who understood what
I wrote
At least Hector and I - as an Apache-ignorant I still think
of it as "something like Maximus, only WWW instead of BBS" ;-)
</ot>
In cryptography world longer generally means better.
Yes, but there must be more. It would be simple to modify
MD5 to get n * 128 bits instead of 128 bits. But there's
no parameter "desired length", for 2*128 the algorithm is
different, it's SHA-256.
It's not only the length, it's also the number of internal
functions (MD5 has four) and the different ways to use them
(16 in MD5 for 4*16 rounds).
I watch the "hash WG"
It's a BoF and it may not become a WG. I'm actually a bit
frustrated that nothing serious happened and that the majority
just wants to create a BCP on "hash security" rather than
actually work on fixing affected protocols.
All waiting for some NIST work, was my very vague impression.
[why not just 2*128]
You break it apart and now have to create collision of part1
and part2.
Okay, that's clear, if you need one day and one PC to attack
MD5, then another day or PC doesn't help. We want to force
you to use 2**128 days or PCs, because you just can't do this.
Or maybe "only" 2**64, about ten billion days or PCs, is good
enough. I'd still like an algorithm where "desired length"
is a parameter.
Bye, Frank
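As an added illustration of the points above (this is example code, not anything posted by Frank, William or the list), the block below contrasts the three constructions the thread talks about: the fixed-length digests MD5 (128 bits) and SHA-256 (256 bits), a hypothetical "n * 128 bits" built by concatenating independent MD5 outputs, and a hash whose output length really is a parameter. For the last one it uses SHAKE-256, the extendable-output function standardized with SHA-3 in 2015, which postdates this discussion; the function names and the one-byte domain separator in the concatenation are assumptions made for the example.

```python
import hashlib


def fixed_length_digest(name: str, data: bytes) -> bytes:
    """Digest with one of the fixed-length hashes the thread mentions ("md5", "sha256").

    The output length is a property of the algorithm, not a parameter.
    """
    return hashlib.new(name, data).digest()


def concat_md5_digest(data: bytes, parts: int = 2) -> bytes:
    """Hypothetical 'n * 128 bits' construction (example assumption, not a standard).

    Each part is an ordinary MD5 over the input prefixed with a one-byte domain
    separator (assumed here), so the result is `parts` independent 128-bit MD5
    outputs side by side. This is the 'break it apart' situation from the thread:
    the pieces can be examined separately, so the length alone says little.
    """
    return b"".join(
        hashlib.md5(bytes([i]) + data).digest() for i in range(parts)
    )


def split_concat_digest(digest: bytes, part_len: int = 16) -> list:
    """Split a concatenated digest back into its constituent 128-bit parts."""
    return [digest[i:i + part_len] for i in range(0, len(digest), part_len)]


def variable_length_digest(data: bytes, length: int) -> bytes:
    """Hash where 'desired length' is a parameter: SHAKE-256 (SHA-3 XOF).

    One algorithm, one internal permutation, arbitrary output length in bytes.
    """
    return hashlib.shake_256(data).digest(length)


def is_prefix_consistent(data: bytes, short: int, long: int) -> bool:
    """A property of an XOF: a shorter output is a prefix of a longer one.

    That is exactly what a fixed-length family (MD5 -> SHA-256) does not give you.
    """
    return variable_length_digest(data, long)[:short] == variable_length_digest(data, short)


if __name__ == "__main__":
    msg = b"constructed sample message"   # constructed input, not from the thread
    print("md5      ", len(fixed_length_digest("md5", msg)) * 8, "bits")
    print("sha256   ", len(fixed_length_digest("sha256", msg)) * 8, "bits")
    print("2*md5    ", len(concat_md5_digest(msg)) * 8, "bits, parts:",
          len(split_concat_digest(concat_md5_digest(msg))))
    print("shake256 ", len(variable_length_digest(msg, 48)) * 8, "bits (requested 48 bytes)")
```

The usage section prints the bit lengths side by side; the point to take from it is that only the SHAKE call accepts the length as an argument, whereas the concatenation merely juxtaposes independent 128-bit values that `split_concat_digest` can pull apart again.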