@jedisct1 if you create a collision for an early block of a hash, it sticks regardless of suffix. An unknown IHV collision is unlikely.

@mik235 Makes sense. But why not prehash the message, then?
@jedisct1 collisions
@PapaZopim @hyperelliptic @matthew_d_green @mik235 @veorq @jedisct1 I'd still prefix the nonce just in case, even with SHA-3 :-)

@pbarreto @PapaZopim @hyperelliptic @matthew_d_green @veorq @jedisct1 see also this quiet patch to rsync: https://git.samba.org/?p=rsync.git;a=commitdiff;h=eac858085e3ac94ec0ab5061d11f52652c90a869 …
@jedisct1 a hash collision will still destroy you there
@jedisct1 paper says: R as input to the hash function provides collision resilience: attacker cannot break it by finding hash collisions.
@jedisct1 With a better hash function, it's trivial to do safely. Hamburg's Ed448 does, mirrored at https://github.com/coruus/ed448-goldilocks …