On Tue, Sep 28, 2004 at 12:14:05PM +0300, Giorgos Keramidas wrote: > There is one difference between ``looking for collisions'' and being > bitten by undetected collisions though. > > If the probability of a collision just happening with random user data > is 1/(2^128) we can't be sure that it will necessarily take the > transfer of an average number of 2^127 blocks before a collision > happens. You might get one at the very first pair of blocks and then > no collisions ever after until the Sun burns out. > > Using two different hashes for the same set of input data, which David > G. Andersen proposed, seems like a nice idea though. If you buy the "logic" of the paper, this would not make much difference. After all, composing two hashes just gives you another hash with a longer bit length. This paper needs a lot more peer review, although I'm not sure that many take it seriously enough to bother. Cheers, -- Jacques A Vidrine / NTT/Verio [email protected] / [email protected] / [email protected] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"