Hi Tony, On Mon, Mar 30, 2015 at 3:55 AM, Tony Finch <d...@dotat.at> wrote: > In the security considerations, it says: > > > 1. Work Factor - To make brute force inversion hard, a cryptographic > hash should be computationally expensive, especially for a general > purpose processor. But FNV is designed to be very inexpensive on a > general-purpose processor. (See Appendix A.)
OK. The text above is not very precise. > As I understand it, the inversion resistance of crypto hash functions is not > based on the computational cost of the function. A lot of effort is put in > to making hashes fast, because they affect the performance of encrypted > communication. There are various ways to attack a hash function. One brute force way, if you know the output, is to try inputs until you find one that produces that output. Of course, a hash function is not literally invertible since, in most cases, there are an infinite number of inputs that will produce each possible output. But there are usually other constraints on the "input" you are looking for, so, if it is cheap enough to compute the hash function, and given the ability to obtain vast computing resources through elastic cloud services or botnets, this can still be a viable attack. > AFAIK the term "work factor" is usually a synonym for the iteration count in > higher-level functions like PBKDFs which want slowing down as computers get > faster. I do not agree. "work factor" is just what it says, amount of work. An iteration count is one way to increase the work factor but I do not consider them synonymous. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop