Date: Thu, 06 Sep 2012 20:31:26 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: obrien@freebsd.org Cc: Arthur Mesh <arthurmesh@gmail.com>, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com> Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <86pq5zovep.fsf@ds4.des.no> In-Reply-To: <20120906182816.GE13179@dragon.NUXI.org> (David O'Brien's message of "Thu, 6 Sep 2012 11:28:16 -0700") References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903005708.7082f230@gumby.homeunix.com> <20120906171824.GC14757@dragon.NUXI.org> <86392vqc86.fsf@ds4.des.no> <20120906182816.GE13179@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
David O'Brien <obrien@FreeBSD.org> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > Is there a reason to choose sha256 over a weaker, faster hash? > Using a weaker hash could reduce the amount of entropy in the > output (due to collisions). > > The Yarrow paper makes this argument (but willing to potentially loose > some entropy) in 5 'The Generic Yarrow Design an Yarrow-160' > > The reason is if you take an 'm' bit random value and apply a hash > function that produces 'm' bits of output, the result has less than > 'm' bits of entropy due to the collisions that occur. This is a very > minor effect, and overall results in the loss of at most a few bits > of entropy. I was thinking along the lines of feeding at least 2 * m into the hash function, possibly much more. Remember that we're talking about finding an alternative to discarding large amounts of data. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86pq5zovep.fsf>