[Haskell-cafe] Digests

Serguey Zefirov sergueyz at gmail.com
Thu Dec 2 22:33:58 CET 2010


2010/12/3 Permjacov Evgeniy <permeakra at gmail.com>:
> The data integrity checks is well-known problem. A common soluting is
> use of 'checksums'. Most of them , however, are built in quite
> obfuscated manner (like md5) that results in ugly and error-prone
> implementations (see reference implementation for same md5).
>
> So, the question is: is there a checksum, that is easy to implement over
> stream of bytes and may work as good checksum and is good in sence that
> creation of messages with same checksum that given message has is very
> hard problem (at least 2^128 tries) ?

2^128 tries needed for hash size of 256 bits. See
http://en.wikipedia.org/wiki/Birthday_attack

Most of the time you can get away with usual block ciphers (and even
with weaker parameters). There is a scheme that transforms block
cipher into hash function:
http://en.wikipedia.org/wiki/CRHF#Hash_functions_based_on_block_ciphers

RC5, for example, parametrized by number of encryption rounds. RC5
with 12 rounds has sufficiently good avalanche (spread of bit change)
so that you can use 12-round RC-5 instead of full death proof
20-round.



More information about the Haskell-Cafe mailing list