[tahoe-dev] dear DJB: Tiger in eBASH, and also check out my cool project
zooko
zooko at zooko.com
Fri Oct 17 16:34:31 PDT 2008
Folks:
I just sent this note to DJB. It isn't personal, and is probably of
interest to some people on this list.
By the way, I updated (for hopefully the very last time) the graphs
in http://allmydata.org/~zooko/lafs.pdf . It shows that there are
now 9.5 TB of user data stored on the Tahoe grid operated by
allmydata.com.
Regards,
Zooko
Begin forwarded message:
> From: zooko <zooko at zooko.com>
> Date: October 17, 2008 17:30:10 PM MDT
> To: "D. J. Bernstein" <djb at cr.yp.to>
> Subject: Tiger in eBASH, and also check out my cool project
>
> Dear DJB:
>
> I'm a professional engineer who uses cryptography, and I very much
> appreciate your contributions to the field. This includes your
> benchmarking work -- thanks for that!
>
> I have been considering switching from SHA-256 to Tiger in my
> secure filesystem application. One reason is that Tiger is
> signficantly faster on our amd64 servers (although I have not yet
> measured the performance in the context of our actual
> application). Another reason is that we have an overall intended
> crypto strength of 96 bits -- we intend to switch to ECDSA with 192-
> bit public keys, and if we use SHA-256 for key derivation then we
> would truncate the output to 192-bits, which makes me worry a
> little. I feel that Tiger-192 is probably safer, as well as
> faster, than SHA-256 % 192 for key-derivation. For file hashing,
> it seems better to me to use a 192-bit hash function to match 192-
> bit digital signatures than to use a 256-bit hash function.
>
> (The motivation for this unusual decision to have a 96-bit crypto
> strength is included in my paper, below.)
>
> Sean O'Neill's mysterious tests [1] rate Tiger as the only hash
> function which has four times as many rounds as his tests can
> distinguish from random (if I understand the idea behind that web
> page).
>
> Anyway, the reason I'm writing to you is to request that you
> include Tiger in eBASH. In addition to possibly helping out
> working engineers like me who are considering using Tiger, this
> will also give a good bar for the SHA-3 cryptographers to measure
> their works against. There's nothing like a working example to
> focus people's minds.
>
> I've attached the 6-page summary of my filesystem [2], due to be
> presented in two weeks at the Storage, Security, and Survivability
> Workshop after ACM CCS 2008.
>
> See also my post to the hash-forum list a few months ago, which
> claims that almost no practical, deployed big-data tools use
> SHA-256. My filesystem is an exception, but I'm currently
> considering joining the rest of the big-data tools in using a
> faster hash function.
>
> http://zooko.com/sha256_is_too_slow.html
>
> Thanks!
>
> Regards,
>
> Zooko Wilcox-O'Hearn
>
> [1] http://defectoscopy.com/results.html
> [2] http://allmydata.org/~zooko/lafs.pdf
> ---
> http://allmydata.org -- Tahoe, the Least-Authority Filesystem
> http://allmydata.com -- back up all your files for $10/month
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lafs.pdf
Type: application/pdf
Size: 275101 bytes
Desc: not available
Url : http://allmydata.org/pipermail/tahoe-dev/attachments/20081017/49a5e478/attachment-0001.pdf
More information about the tahoe-dev
mailing list