
2010/12/3 Permjacov Evgeniy:
> On 12/03/2010 12:33 AM, Serguey Zefirov wrote:
>>>>> The data integrity check is a well-known problem. A common solution is the use of 'checksums'. Most of them, however, are built in a quite obfuscated manner (like md5) that results in ugly and error-prone implementations (see the reference implementation for that same md5).
>>>>>
>>>>> So, the question is: is there a checksum that is easy to implement over a stream of bytes, may work as a good checksum, and is good in the sense that creation of messages with the same checksum that a given message has is a very hard problem (at least 2^128 tries)?
>>>>
>>>> 2^128 tries are needed for a hash size of 256 bits. See http://en.wikipedia.org/wiki/Birthday_attack
>>>
>>> Ok, I have to use at least a 256 bit resulting value. This is four Word64 or 32 Word8 ... Well, maybe it will work.
>>
>> Most of the time you can get away with usual block ciphers (and even with weaker parameters). There is a scheme that transforms a block cipher into a hash function: http://en.wikipedia.org/wiki/CRHF#Hash_functions_based_on_block_ciphers
>
> /me wrote it into to_read list. The problem is, however, that block ciphers are quite unfriendly to plain Word8 streams. It is not a deadly problem, but I'd like to avoid block collections.

RC5, for example, is parametrized by the number of encryption rounds. RC5 with 12 rounds has sufficiently good avalanche (spread of bit change) that you can use 12-round RC5 instead of the full death-proof 20-round version.
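The block-cipher-to-hash scheme linked in the thread (a Davies-Meyer compression step under Merkle-Damgard padding), as an added example that is not part of this thread and is not code by either poster: it buffers an arbitrary byte stream into cipher-sized blocks, which is the "unfriendly to Word8 streams" part, and measures the avalanche that the round count buys. XTEA stands in for the block cipher, so the digest is only 64 bits (far below the 256 bits the thread settles on; the construction is unchanged with a wider block), and the zero IV and the function names are my own choices.

```python
import struct

MASK32 = 0xFFFFFFFF
XTEA_DELTA = 0x9E3779B9
BLOCK, KEY = 8, 16          # XTEA: 64-bit block, 128-bit key
IV = bytes(BLOCK)           # constructed initial value (all zeros) for this example

def xtea_encrypt(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """XTEA block encryption; `rounds` is the tunable round count the thread talks about."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
        s = (s + XTEA_DELTA) & MASK32
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)

def _compress(h: bytes, m: bytes, rounds: int) -> bytes:
    """Davies-Meyer step: H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}; the message block is the cipher key."""
    return bytes(a ^ b for a, b in zip(xtea_encrypt(m, h, rounds), h))

def stream_hash(chunks, rounds: int = 32) -> bytes:
    """Hash an iterable of byte chunks of any size: buffer into KEY-sized blocks, then apply
    Merkle-Damgard padding (0x80, zero fill, 64-bit big-endian bit length) so the last block is full."""
    h, buf, total = IV, b"", 0
    for chunk in chunks:
        buf += chunk
        total += len(chunk)
        while len(buf) >= KEY:
            h, buf = _compress(h, buf[:KEY], rounds), buf[KEY:]
    tail = buf + b"\x80"
    tail += b"\x00" * ((-len(tail) - 8) % KEY) + struct.pack(">Q", total * 8)
    for i in range(0, len(tail), KEY):
        h = _compress(h, tail[i:i + KEY], rounds)
    return h

def collision_work_bits(digest: bytes) -> int:
    """Birthday bound: a collision costs about 2^(n/2) tries for an n-bit digest."""
    return len(digest) * 8 // 2

def mean_avalanche(msg: bytes, rounds: int = 32) -> float:
    """Average Hamming distance between digests when each single bit of `msg` is flipped in turn."""
    base = int.from_bytes(stream_hash([msg], rounds), "big")
    dists = []
    for bit in range(len(msg) * 8):
        flipped = bytearray(msg)
        flipped[bit // 8] ^= 1 << (bit % 8)
        other = int.from_bytes(stream_hash([bytes(flipped)], rounds), "big")
        dists.append(bin(base ^ other).count("1"))
    return sum(dists) / len(dists)
```

With rounds=0 the cipher is the identity, so every digest collapses to all zeros: that is the degenerate end of the round-count trade-off RC5's parametrization lets you tune.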