17 Dec 2003, 11:17 p.m.
On Tue, 5 Jul 1994, Derek Atkins wrote:
Roger:
I would recommend replacing that option or discarding it, that is unless hash functions never throw away bits in sizes smaller than their output size. (again, that was my question)
They shouldn't. I refer back to my last statement, that if they did, it would make breaking the hash much easier.
This refers to the secure drive 1024 iterations of MD5. Without a proof that md5(128bit number) is a one to one transformation, my statement about losing entropy is possibly. I don't think that it has been demonstrated that md5^1024 is more secure than md5. NOBODY HAS IMPLIED THAT SUCH A PROOF, or equivalent proof, exists. Roger.
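The entropy question raised in this thread can be measured on a scaled-down model. The following is an added example, not part of the original messages: it truncates MD5 to a small number of bits (an assumption made so the whole input space can be enumerated), iterates it, and counts how many distinct outputs survive each round, next to the prediction for an ideal random function. The function names and the zero-padded 16-byte input encoding are hypothetical choices for the illustration.

```python
import hashlib
import math


def h_trunc(x: int, bits: int) -> int:
    """MD5 of x encoded as a 16-byte big-endian block, truncated to `bits` bits.
    The truncation is an assumption that makes the full space enumerable."""
    digest = hashlib.md5(x.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def image_sizes(bits: int, rounds: int) -> list:
    """sizes[k] = number of distinct values left after applying h_trunc k times
    to every one of the 2**bits possible inputs."""
    current = set(range(1 << bits))
    sizes = [len(current)]
    for _ in range(rounds):
        # Colliding inputs merge here; a one-to-one map would keep the size constant.
        current = {h_trunc(x, bits) for x in current}
        sizes.append(len(current))
    return sizes


def predicted_fraction(k: int) -> float:
    """Random-function model: expected fraction of the space still reachable
    after k iterations is 1 - tau_k, with tau_0 = 0, tau_{k+1} = exp(tau_k - 1).
    Valid while k is well below sqrt(2**bits); after that cycles set a floor."""
    tau = 0.0
    for _ in range(k):
        tau = math.exp(tau - 1.0)
    return 1.0 - tau


if __name__ == "__main__":
    BITS, ROUNDS = 16, 1024  # 16-bit toy space, 1024 rounds as in the thread
    sizes = image_sizes(BITS, ROUNDS)
    for k in (1, 2, 4, 16, 64, 256, 1024):
        print(f"k={k:5d}  outputs={sizes[k]:6d}  "
              f"max entropy={math.log2(sizes[k]):5.2f} bits  "
              f"model={predicted_fraction(k) * (1 << BITS):8.0f}")
```

The count can only stay level or fall from one round to the next, so any collision in a single application is a permanent loss; the toy measures how much is lost on a 16-bit space and says nothing by itself about whether full 128-bit MD5 is one-to-one on 128-bit inputs.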