David O'Brien <obrien@FreeBSD.org> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > Is there a reason to choose sha256 over a weaker, faster hash? > Using a weaker hash could reduce the amount of entropy in the > output (due to collisions). > > The Yarrow paper makes this argument (but willing to potentially loose > some entropy) in 5 'The Generic Yarrow Design an Yarrow-160' > > The reason is if you take an 'm' bit random value and apply a hash > function that produces 'm' bits of output, the result has less than > 'm' bits of entropy due to the collisions that occur. This is a very > minor effect, and overall results in the loss of at most a few bits > of entropy. I was thinking along the lines of feeding at least 2 * m into the hash function, possibly much more. Remember that we're talking about finding an alternative to discarding large amounts of data. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"