Halvar and sci.crypt on Cryptanalysis Work

Thomas Ptacek | April 17th, 2006 | Filed Under: Defenses

Via Halvar (He’s posting! Maybe the blogroll’s working!):

Setting out to break a significant crypto algorithm could very easily lead to “10+ years in the wilderness and a botched academic career due to a lack of publications”. The result: If you haven’t earned tenure yet, and want to work in crypto, you work on the constructive side.

And via sci.crypt (and David Wagner in particular), a fun thread:

Not a good choice. If Hash() produces n-bit outputs, there is an attack that requires only 2^{n/3} time… [my edit] … I concur with the recommendation expressed elsewhere in this thread: you need a lot of experience in hash function cryptanalysis before you are qualified to design new hash functions.