On February 17, 2005, Michael Cordover <michael.cordover@xxxxxxxxx> wrote:
> On Wed, 16 Feb 2005 14:56:27 +0200, Gadi Evron <gadi@xxxxxxxxxxxxx> wrote:
> >
> > Where do we go from here?
>
> The standard response to "where to now" seems to be Whirlpool
> [http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html].
> That or Tiger [http://www.cs.technion.ac.il/~biham/Reports/Tiger/].

There has indeed been a lot of positive buzz about Whirlpool. I have seen
comments, though, that Whirlpool is quite slow, but that Tiger is pretty
reasonable on 64-bit CPUs. No doubt we'll see more analyses of these as the
old standbys start to look more and more shaky.

> The team which has cracked SHA1 is the same that cracked MD5 and
> exposed weaknesses in the RIPEMD model. They're good. And they've
> shown that what I would've thought to be the Next Best Thing - RIPEMD

Yeah, for instance RIPEMD-160 is the only other message digest algorithm
currently implemented in the OpenSSL library that would be worth using
(other than perhaps MDC2, which I haven't seen much discussion of -- it's
apparently a method of constructing a 128-bit output hash function out of a
block cipher -- the OpenSSL implementation uses DES).

> - is yet another flawed system.

The original RIPEMD is indeed flawed, as shown by Hans Dobbertin in '95 for
a reduced-round version and by the Chinese team for the full-round version.
However, I have not seen analysis saying that this weakness also applies to
RIPEMD-128 / RIPEMD-160 / RIPEMD-256 / RIPEMD-320
(<http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html>), the
strengthened versions which were co-developed by Dobbertin in '96, partially
in response to the weakness that he found.

Pages like The Hashing Function Lounge
(<http://planeta.terra.com.br/informatica/paulobarreto/hflounge.html>) agree
with this separation of RIPEMD vs. the RIPEMD-160 family.

--
Dan Harkless
http://harkless.org/dan/