fix wikipedia link
[Imported from Trac: page NewCaps/Rainhill, version 6]
parent
2d1a4e35d7
commit
14e2be2cba
|
@ -25,7 +25,7 @@ where *k* = bitlength(*K_**), *r* = bitlength(*R*), *s* = bitlength(*S*) = bitle
|
||||||
|
|
||||||
1. *shape-shifter immutable file*: creator creates more than one file matching the immutable file readcap
|
1. *shape-shifter immutable file*: creator creates more than one file matching the immutable file readcap
|
||||||
|
|
||||||
2. See the probability table at <http://en.wikipedia.org/wiki/Birthday_Attack> . The effective hash length is approximately *r*+*t* bits.
|
2. See the probability table at <https://en.wikipedia.org/wiki/Birthday_attack> . The effective hash length is approximately *r*+*t* bits.
|
||||||
|
|
||||||
3. On Merkle-Damgård hashes with an internal state that is the same size as the hash output (like SHA-256), there are better second-preimage attacks than brute force. See <http://www.schneier.com/paper-preimages.pdf> . The doubled "SHA-256d" construction used by Tahoe does not help here. This is not significant for roadblock/speedbump attacks because the internal state will be much larger than *t* bits, but it is significant for the other second-preimage attacks.
|
3. On Merkle-Damgård hashes with an internal state that is the same size as the hash output (like SHA-256), there are better second-preimage attacks than brute force. See <http://www.schneier.com/paper-preimages.pdf> . The doubled "SHA-256d" construction used by Tahoe does not help here. This is not significant for roadblock/speedbump attacks because the internal state will be much larger than *t* bits, but it is significant for the other second-preimage attacks.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue