[cap-talk] SHA-1 Broken; alternative?
Hal Finney
hal at finney.org
Thu Feb 17 13:25:54 EST 2005
Sandro Magi writes:
> This cropped up in a discussion of the SHA-1 break and I thought people
> might find it useful as a potential alternative:
> Poly1305-AES
> http://cr.yp.to/mac.html

That's a MAC, not a hash. A MAC takes a secret key and a public message
and produces an output string. Someone knowing the secret key can
check the string against the message and verify that they go together.
This protects messages against modification and proves that the sender
knew the secret key.

A hash is simpler; it just scrambles the data in a random way.
That actually seems to be harder to do well than to MAC it, perhaps
because the MAC has part of its input being secret while all of the
hash's input is public.
Hal Finney
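
The distinction drawn in the message above, as an added example that is not part of the original post: a receiver checking an unkeyed hash cannot tell a rewritten message from the original, while a receiver checking a MAC can. HMAC-SHA-256 from the Python standard library stands in for Poly1305-AES here (an assumption made so the block runs without extra packages); the function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def hash_digest(message: bytes) -> bytes:
    """Unkeyed hash: all input is public, so anyone can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """MAC: the tag depends on a secret key as well as the public message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hash_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(mac_tag(key, message), tag)


def tamper_experiment() -> dict:
    key = secrets.token_bytes(32)         # known to sender and receiver only
    original = b"pay 10 to alice"         # constructed sample message
    altered = b"pay 9999 to mallory"      # constructed modified message

    # Sender attaches both a plain digest and a MAC tag to the message.
    sent_digest = hash_digest(original)
    sent_tag = mac_tag(key, original)

    # A party without the key rewrites the message in transit. The digest
    # can be recomputed from public data; a valid tag cannot, so the best
    # available options are reusing the old tag or guessing a key.
    recomputed_digest = hash_digest(altered)
    guessed_tag = mac_tag(secrets.token_bytes(32), altered)

    return {
        "hash_accepts_original": verify_hash(original, sent_digest),
        "hash_accepts_altered": verify_hash(altered, recomputed_digest),
        "mac_accepts_original": verify_mac(key, original, sent_tag),
        "mac_accepts_altered_old_tag": verify_mac(key, altered, sent_tag),
        "mac_accepts_altered_guessed_key": verify_mac(key, altered, guessed_tag),
    }


if __name__ == "__main__":
    for check, accepted in tamper_experiment().items():
        print(f"{check}: {accepted}")
```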