Content deleted Content added
What is E? |
Responded to some questions. |
||
Line 1:
{{CryptographyProject}}
== What is E? ==▼
I see a function E() in the equations, but I can't figure out from the context what this function is. Could someone fill it in more completely?▼
== Attack on Davies-Meyer ==
Ok, the merge of several other articles into this one is done, sort of. There is some more information in the [[Davies-Meyer hash|old Davies-Meyer article]] about an attack that I did not merge since I did not understand it. If I just cut and paste that paragraph it will make even less sense since it depends on the notification established further up in the old article and I have changed that notification in this article. So for now I left the old Davies-Meyer article as it is (not turned it into a redirect). I left a note about it and link to it in the Davies-Meyer section of this article. I hope some one can make sense to it and rewrite it properly and merge it some day. --[[User:Davidgothberg|David Göthberg]] 06:05, 28 January 2006 (UTC)
:The fixed point attack that I removed from the old Davies-Meyer article keeps coming back. That attack is not at all “easy” as some claim but requires exponential time (2^block size). The fixed point can be found easily only if the used block cipher has been already broken - and is easily broken. If the block cipher is secure then the Davies-Meyer is secure. [[User:Atwater|Atwater]] 19:00, 21 July 2006 (UTC) Atwater
::''According to Bruce Schneier this "is not really worth worrying about"[4]'' He probably meant '''in practice''', this is not worth worrying about. In the Eurocrypt 2005 paper with Kelsey, Schneier DOES use the fixpoint attack to show that the MD construction is far from being a random oracle, and so in a sense more brittle than one would wish it to be. However their attack is completely impractical because to be effective, it requires gigantic messages. [[User:71.142.222.181|71.142.222.181]] 19:04, 9 March 2007 (UTC)▼
▲''According to Bruce Schneier this "is not really worth worrying about"[4]'' He probably meant '''in practice''', this is not worth worrying about. In the Eurocrypt 2005 paper with Kelsey, Schneier DOES use the fixpoint attack to show that the MD construction is far from being a random oracle, and so in a sense more brittle than one would wish it to be. However their attack is completely impractical because to be effective, it requires gigantic messages. [[User:71.142.222.181|71.142.222.181]] 19:04, 9 March 2007 (UTC)
== Comparisons? ==
Line 37 ⟶ 32:
What does this mean? What are the criteria? If your 128-bit key is secure, shouldn't it require 2^64 operations to find even a collision? Why isn't that big enough? Or is there something being left unsaid about how secure the block based ciphers are?
--[[User:72.18.229.146|72.18.229.146]] 00:21, 29 August 2006
:Because the most powerful computing systems available to some organisations nowadays probably can do about 2<sup>64</sup> operations. Thus a 128-bit hash might not be secure against such powerful adversaries. And in some cases you want your hash to be secure say at least 10 years into the future too. If you want to read more you can for instance read the ''[http://www.cacr.math.uwaterloo.ca/hac/ Handbook of Applied Cryptography]'' that we link to in the references. You can follow that link and freely and legally download the book as pdf-files. --[[User:Davidgothberg|David Göthberg]] 19:46, 10 June 2007 (UTC)
▲== What is E? ==
▲I see a function E() in the equations, but I can't figure out from the context what this function is. Could someone fill it in more completely? [[User:mbset]] 13:50, 9 June 2007
:E() is the encrypt function of the block cipher used. So <math>E_{m}{(H)}</math> means to encrypt the data "H" and use the key "m". --[[User:Davidgothberg|David Göthberg]] 19:46, 10 June 2007 (UTC)
| |||