Changes between Version 45 and Version 46 of NewCaps/WhatCouldGoWrong
- Timestamp:
- 2009-10-15T05:04:33Z (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
NewCaps/WhatCouldGoWrong
v45 v46 37 37 7. The formula given in the Wikipedia Birthday Attack page is sqrt(2.ln(1/(1-''p''))).2^(''r''+''t'')/2^, but the approximation given here is very accurate for small ''p'', and can only underestimate the cost. For ''p'' = 1/2 it underestimates by only a factor of 1.18. For ''p'' near 1 it underestimates severely; it is very hard for an attacker to be ''certain'' to find a collision. 38 38 39 8. In order for the combined hash with output (''R'',''T'') to have the strength against collision and preimage attacks given here, there must not be multicollision attacks against the hash truncated to ''r'' bits or to ''t'' bits that would yield an easier attack on the combined hash. [ref mailing list article]39 8. In order for the combined hash with output (''R'',''T'') to have the strength against collision and preimage attacks given here, there must not be multicollision attacks against the hash truncated to ''r'' bits or to ''t'' bits, that would yield an easier attack on the combined hash. See http://allmydata.org/pipermail/tahoe-dev/2009-October/003006.html .
