Security of truncated hash functions
Robert J. Hansen
rjh at sixdemonbag.org
Sat Jul 29 11:35:50 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Qed wrote:
> Which solution would be safer?
Assuming an idealized hash function, they're of equal strength. If each
bit of the hash algorithm is effectively random with a 50/50
distribution, then a truncated hash is just as good as a full-size hash.
In the real world, hashes aren't idealized and this may not be good advice.
Just another instance where theory and practice are subtly different
from each other...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCgAGBQJEyyv1AAoJELcA9IL+r4EJb1kH/iQ3F668BwcDhpWtByx9yyPP
loR+1FuZaC7P4F+yP/Gk4gk3t2kA56sEWXOlrNQ4exwRdg7/pO0mquERgiiPvZ/B
cjzOkeMWKc5yc0w9YBNdbB9xgnioZ7QfTVvUzgi+IYWfLyTbkTygN6+aH2tOL71R
/YsKYcsYqoX2/bbizpcAHt9V86VBrPHOw7l0K8e2UofLP8xzyUhI72l3rZgonjbh
uKGnPr/7zuL5EHawe3FcOjyWo2aaQ6VsXgWsPm+4I6PKPko7NSE9keGIuzs7Cy2A
aUrDOVgE0++TkA7DkDSakM2CbeS4iXIMx7veSRaKYOwp5ldeo0xlBz1zPCBZdt0=
=zJvR
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list