From: Darryl Green (darryl.green_at_[hidden])
Date: 2024-12-14 04:36:36

There has been a lot of discussion, in the hash2 review, about non-idempotent
result() / every hash2 hash algorithm is required to be an extensible hash
function. I have questions:

Isn't any non-idempotent result function surprising? As I said in my
review, hash2 imposing the extensibility requirement on "raw" hash
algorithms that are not XOFs (you can always do "something" to extend it
but doing "something" does not always make a good extensible hash function)
is surprising. Ideally hash2 should allow an XOF to be used but not by
requiring every hash to pretend to be one. I did say some documentation
would help but I feel that relying on docs to make it hard to "do the wrong
thing" or even possible to do what should be a simple thing (use an
existing hash algorithm/algorithm implementation) without that in itself
being a silly mistake (NOT having result in some way stir the pot is a bug,
now, unless one considers extension by repetition to be "good enough" -
which, absurd as it sounds, maybe it is - it's at least "honest"). What is
the specification for a "hash2 XOF"? Does the author really mean to take on
the role of specifying the properties required? If FIPS says that a
function is an XOF it probably is. If FIPS doesn't say that, but Peter says
it is one (it must be to be a "hash2 hash algorithm")... Is that ok? Who
wins?
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk