[tahoe-dev] dear DJB: Tiger in eBASH, and also check out my cool project

Aleksandr Milewski zandr at allmydata.com
Fri Oct 17 21:08:26 PDT 2008 

fwiw, we don't have amd64 servers. :)

They are 64-bit capable, but we're running 32-bit Linux on them.

-ZP

On Oct 17, 2008, at 4:34 PM, zooko wrote:

> Folks:
>
> I just sent this note to DJB.  It isn't personal, and is probably of  
> interest to some people on this list.
>
> By the way, I updated (for hopefully the very last time) the graphs  
> in http://allmydata.org/~zooko/lafs.pdf .  It shows that there are  
> now 9.5 TB of user data stored on the Tahoe grid operated by  
> allmydata.com.
>
> Regards,
>
> Zooko
>
> Begin forwarded message:
>
>> From: zooko <zooko at zooko.com>
>> Date: October 17, 2008 17:30:10 PM MDT
>> To: "D. J. Bernstein" <djb at cr.yp.to>
>> Subject: Tiger in eBASH, and also check out my cool project
>>
>> Dear DJB:
>>
>> I'm a professional engineer who uses cryptography, and I very much  
>> appreciate your contributions to the field.  This includes your  
>> benchmarking work -- thanks for that!
>>
>> I have been considering switching from SHA-256 to Tiger in my  
>> secure filesystem application.  One reason is that Tiger is  
>> signficantly faster on our amd64 servers (although I have not yet  
>> measured the performance in the context of our actual  
>> application).  Another reason is that we have an overall intended  
>> crypto strength of 96 bits -- we intend to switch to ECDSA with 192- 
>> bit public keys, and if we use SHA-256 for key derivation then we  
>> would truncate the output to 192-bits, which makes me worry a  
>> little.  I feel that Tiger-192 is probably safer, as well as  
>> faster, than SHA-256 % 192 for key-derivation.  For file hashing,  
>> it seems better to me to use a 192-bit hash function to match 192- 
>> bit digital signatures than to use a 256-bit hash function.
>>
>> (The motivation for this unusual decision to have a 96-bit crypto  
>> strength is included in my paper, below.)
>>
>> Sean O'Neill's mysterious tests [1] rate Tiger as the only hash  
>> function which has four times as many rounds as his tests can  
>> distinguish from random (if I understand the idea behind that web  
>> page).
>>
>> Anyway, the reason I'm writing to you is to request that you  
>> include Tiger in eBASH.  In addition to possibly helping out  
>> working engineers like me who are considering using Tiger, this  
>> will also give a good bar for the SHA-3 cryptographers to measure  
>> their works against.  There's nothing like a working example to  
>> focus people's minds.
>>
>> I've attached the 6-page summary of my filesystem [2], due to be  
>> presented in two weeks at the Storage, Security, and Survivability  
>> Workshop after ACM CCS 2008.
>>
>> See also my post to the hash-forum list a few months ago, which  
>> claims that almost no practical, deployed big-data tools use  
>> SHA-256.  My filesystem is an exception, but I'm currently  
>> considering joining the rest of the big-data tools in using a  
>> faster hash function.
>>
>> http://zooko.com/sha256_is_too_slow.html
>>
>> Thanks!
>>
>> Regards,
>>
>> Zooko Wilcox-O'Hearn
>>
>> [1] http://defectoscopy.com/results.html
>> [2] http://allmydata.org/~zooko/lafs.pdf
>> ---
>> http://allmydata.org -- Tahoe, the Least-Authority Filesystem
>> http://allmydata.com -- back up all your files for $10/month
>>
> <lafs.pdf>_______________________________________________
> tahoe-dev mailing list
> tahoe-dev at allmydata.org
> http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev

More information about the tahoe-dev mailing list