www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - The Whirlpool hash function

reply Arcane Jill <Arcane_member pathlink.com> writes:
For those of you who haven't been following the latest developments in
cryptography, hash functions have recently suffered badly from a new attack
called the joux attack. It makes hash collisions easier to find, and, to cut a
long story short, makes the current crop of hash functions only half as strong
as we thought they were. So, for example, an MD5 hash has 128 bits ... but the
joux attack lets you find collisions as if it had only 64 bits. (More or less.
I'm simplifying greatly). The long and the short of it is that cryptographers
need to use stronger hash functions.

Which brings us to Whirlpool.
(http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html).
Whirlpool is a hash function which produces 512 bits of hash, which sounds good
enough for me. Anyone fancy adding an implementation of this to D's growing hash
suite?

Arcane Jill
Sep 24 2004
parent =?ISO-8859-1?Q?Sigbj=F8rn_Lund_Olsen?= <sigbjorn lundolsen.net> writes:
Arcane Jill wrote:
 For those of you who haven't been following the latest developments in
 cryptography, hash functions have recently suffered badly from a new attack
 called the joux attack. It makes hash collisions easier to find, and, to cut a
 long story short, makes the current crop of hash functions only half as strong
 as we thought they were. So, for example, an MD5 hash has 128 bits ... but the
 joux attack lets you find collisions as if it had only 64 bits. (More or less.
 I'm simplifying greatly). The long and the short of it is that cryptographers
 need to use stronger hash functions.
 
 Which brings us to Whirlpool.
 (http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html).
 Whirlpool is a hash function which produces 512 bits of hash, which sounds good
 enough for me. Anyone fancy adding an implementation of this to D's growing
hash
 suite?
 
 Arcane Jill
(Sorry about the bump) I would like to point out that the length of the hash has nothing to do with its strength. MD4 is also a 128 bit hash, yet vastly weaker than its cousing MD5. It's about how the hashes are constructed. The advantage of Whirlpool/Tiger etc, are that they are based (iirc) on different primitives than MD/SHA-family hashes. They're also less common, so less (open) cryptanalysis research is done on them. Which can be both a good thing and a bad thing. Cheers, Sigbjørn Lund Olsen
Oct 16 2004