[Haskell-cafe] Digests

Permjacov Evgeniy permeakra at gmail.com
Fri Dec 3 01:12:32 CET 2010


On 12/03/2010 12:33 AM, Serguey Zefirov wrote:
> 2010/12/3 Permjacov Evgeniy <permeakra at gmail.com>:
>> The data integrity check is a well-known problem. A common solution is
>> the use of 'checksums'. Most of them, however, are built in quite an
>> obfuscated manner (like md5) that results in ugly and error-prone
>> implementations (see the reference implementation for the same md5).
>>
>> So, the question is: is there a checksum that is easy to implement over a
>> stream of bytes, may work as a good checksum, and is good in the sense that
>> creation of messages with the same checksum as a given message is a very
>> hard problem (at least 2^128 tries)?
> 2^128 tries needed for hash size of 256 bits. See
> http://en.wikipedia.org/wiki/Birthday_attack
Ok, I have to use at least 256 bit resulting value. This is four Word64
or 32 Word8 ... Well, maybe it will work
> Most of the time you can get away with usual block ciphers (and even
> with weaker parameters). There is a scheme that transforms block
> cipher into hash function:
> http://en.wikipedia.org/wiki/CRHF#Hash_functions_based_on_block_ciphers
*/me wrote it into the to_read list. The problem is, however, that block
ciphers are quite unfriendly to plain Word8 streams. It is not a deadly
problem, but I'd like to avoid block collections.
> RC5, for example, is parametrized by the number of encryption rounds. RC5
> with 12 rounds has sufficiently good avalanche (spread of bit change)
> so that you can use 12-round RC-5 instead of the full death-proof
> 20-round one.
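The block-cipher-to-hash scheme the reply points to, worked through as an added example that is not from the thread (written in Python rather than Haskell so it runs as-is): a Davies-Meyer compression function, h_i = E_{m_i}(h_{i-1}) XOR h_{i-1}, built on RC5-32/12/16 with each 16-byte message block used as the cipher key, chained Merkle-Damgard style so that a stream of bytes can be fed in chunks of any size and the caller never has to collect blocks. The IV, the padding layout and the digest encoding are my own choices for illustration, not part of any standard. Caveat a practitioner would want up front: RC5's 64-bit block yields a 64-bit digest, so the birthday bound is about 2^32, nowhere near the 2^128 asked for; the code shows the construction, not a hash anyone should deploy.

```python
# Added example, not code from the thread: Davies-Meyer hashing over a byte
# stream with RC5-32/12/16 as the block cipher and Merkle-Damgard padding.
# IV, padding layout and digest encoding are illustrative choices (assumption).
import struct

W = 32                      # RC5 word size in bits
MASK = (1 << W) - 1
ROUNDS = 12                 # the 12-round variant discussed in the thread
BLOCK_BYTES = 16            # one 16-byte RC5 key = one message block
P32, Q32 = 0xB7E15163, 0x9E3779B9   # RC5 magic constants for w = 32


def rotl(x, y):
    y %= W
    return ((x << y) | (x >> (W - y))) & MASK


def rotr(x, y):
    y %= W
    return ((x >> y) | (x << (W - y))) & MASK


def rc5_expand_key(key):
    """RC5 key schedule: key bytes -> the 2*(r+1) round subkeys."""
    u = W // 8
    c = max(1, -(-len(key) // u))          # ceil(len(key) / u)
    L = [0] * c
    for i in range(len(key) - 1, -1, -1):  # little-endian words from bytes
        L[i // u] = ((L[i // u] << 8) + key[i]) & MASK
    t = 2 * (ROUNDS + 1)
    S = [P32]
    for _ in range(1, t):
        S.append((S[-1] + Q32) & MASK)
    i = j = A = B = 0
    for _ in range(3 * max(t, c)):         # mix key words into subkeys
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i, j = (i + 1) % t, (j + 1) % c
    return S


def rc5_encrypt(S, A, B):
    """Encrypt one 64-bit block given as two 32-bit words."""
    A = (A + S[0]) & MASK
    B = (B + S[1]) & MASK
    for i in range(1, ROUNDS + 1):
        A = (rotl(A ^ B, B) + S[2 * i]) & MASK
        B = (rotl(B ^ A, A) + S[2 * i + 1]) & MASK
    return A, B


def rc5_decrypt(S, A, B):
    """Inverse of rc5_encrypt; used only to sanity-check the cipher core."""
    for i in range(ROUNDS, 0, -1):
        B = rotr((B - S[2 * i + 1]) & MASK, A) ^ A
        A = rotr((A - S[2 * i]) & MASK, B) ^ B
    return (A - S[0]) & MASK, (B - S[1]) & MASK


class DaviesMeyerRC5:
    """h_i = E_{m_i}(h_{i-1}) XOR h_{i-1}, the message block acting as key.

    Bytes arrive in chunks of any size; a full 16-byte block is compressed
    as soon as it is available, so the caller never builds block lists."""

    IV = (0x01234567, 0x89ABCDEF)   # arbitrary fixed starting value (assumption)

    def __init__(self):
        self._state = self.IV
        self._buf = bytearray()
        self._length = 0              # total bytes seen, for MD strengthening

    @staticmethod
    def _compress(state, block):
        a, b = state
        ea, eb = rc5_encrypt(rc5_expand_key(block), a, b)
        return (ea ^ a, eb ^ b)       # the feed-forward makes E non-invertible

    def update(self, data):
        self._length += len(data)
        self._buf += data
        while len(self._buf) >= BLOCK_BYTES:
            self._state = self._compress(self._state, bytes(self._buf[:BLOCK_BYTES]))
            del self._buf[:BLOCK_BYTES]
        return self

    def digest(self):
        # Merkle-Damgard strengthening: 0x80, zeros, then the 64-bit big-endian
        # bit length, so messages of different lengths never share a tail.
        pad = bytearray(b"\x80")
        while (len(self._buf) + len(pad) + 8) % BLOCK_BYTES:
            pad.append(0)
        tail = bytes(self._buf) + bytes(pad) + struct.pack(">Q", self._length * 8)
        state = self._state           # leave the hasher reusable after digest()
        for off in range(0, len(tail), BLOCK_BYTES):
            state = self._compress(state, tail[off:off + BLOCK_BYTES])
        return struct.pack("<II", *state)


def dm_hash(data):
    """One-shot wrapper around the streaming hasher."""
    return DaviesMeyerRC5().update(data).digest()


if __name__ == "__main__":
    # Constructed sample input: same message fed whole and in two pieces.
    msg = b"The data integrity check is a well-known problem."
    print(dm_hash(msg).hex())
    print(DaviesMeyerRC5().update(msg[:7]).update(msg[7:]).digest().hex())
```

To validate the cipher core independently of the hash, run rc5_encrypt on an all-zero key and all-zero block and compare with the RC5-32/12/16 test vectors published in Rivest's RC5 paper; the hash layer only relies on the cipher being a fixed permutation per key, which is why the feed-forward XOR, not the cipher alone, is what stops an attacker from simply decrypting back to a chosen chaining value.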



