| |
 |
|
|
Science Forum Index » Cryptography Forum » Any good reason to use SHA over a block cipher hash?
Page 1 of 1
|
| Author |
Message |
| Tim Smith |
 Posted: Sun Jan 04, 2004 6:40 pm |
|
|
|
Guest
|
Given that you need a good block cipher, such as AES, for a given
application, if you also need a hash, is there a good reason to use
something like SHA, rather than using the block cipher in one of the schemes
that constructs a hash out of a block cipher (e.g., Davies-Meyer)?
I haven't measured, but I'm guessing that hashes designed as hashes are
probably faster than block ciphers used as hashes, so that might be one
reason. Are there others?
The points in favor of the block cipher hash are (1) smaller total code
size, (2) only one chunk of mysterious code to get right.
--
--Tim Smith |
|
|
| Back to top |
|
| David Wagner |
| Posted: Sun Jan 04, 2004 6:40 pm |
|
|
|
Guest
|
Tim Smith wrote:
Quote: Given that you need a good block cipher, such as AES, for a given
application, if you also need a hash, is there a good reason to use
something like SHA, rather than using the block cipher in one of the schemes
that constructs a hash out of a block cipher (e.g., Davies-Meyer)?
I'm more confident in the security of SHA than I am in the
security of AES in Davies-Meyer mode. Hashing modes of operation
put more stress on the key schedule than ordinary encryption modes
do, and I'm not convinced that the AES key schedule has been studied
as well as I'd like.
Also, AES in Davies-Meyer mode gives only a 128-bit hash, while
SHA gives a 160-bit hash. A 128-bit hash is arguably too short for
many purposes. |
|
|
| Back to top |
|
| Tom St Denis |
| Posted: Sun Jan 04, 2004 6:56 pm |
|
|
|
Guest
|
"Tim Smith" <reply_in_group@mouse-potato.com> wrote in message
news:Uv1Kb.37435$Pg1.7518@newsread1.news.pas.earthlink.net...
Quote: Given that you need a good block cipher, such as AES, for a given
application, if you also need a hash, is there a good reason to use
something like SHA, rather than using the block cipher in one of the
schemes
that constructs a hash out of a block cipher (e.g., Davies-Meyer)?
I haven't measured, but I'm guessing that hashes designed as hashes are
probably faster than block ciphers used as hashes, so that might be one
reason. Are there others?
The points in favor of the block cipher hash are (1) smaller total code
size, (2) only one chunk of mysterious code to get right.
Hashes produce larger digests.
Note that most hashes ARE ciphers in Davies-Meyers style modes.
Tom |
|
|
| Back to top |
|
| |
|
Page 1 of 1
All times are GMT - 5 Hours
The time now is Sun Oct 12, 2008 12:51 am
|
|