svn commit: r239569 - head/etc/rc.d
Dag-Erling Smørgrav
des at des.no
Thu Sep 6 18:31:28 UTC 2012
David O'Brien <obrien at FreeBSD.org> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Is there a reason to choose sha256 over a weaker, faster hash?
> Using a weaker hash could reduce the amount of entropy in the
> output (due to collisions).
>
> The Yarrow paper makes this argument (but willing to potentially loose
> some entropy) in 5 'The Generic Yarrow Design an Yarrow-160'
>
> The reason is if you take an 'm' bit random value and apply a hash
> function that produces 'm' bits of output, the result has less than
> 'm' bits of entropy due to the collisions that occur. This is a very
> minor effect, and overall results in the loss of at most a few bits
> of entropy.
I was thinking along the lines of feeding at least 2 * m into the hash
function, possibly much more. Remember that we're talking about finding
an alternative to discarding large amounts of data.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list