Hi Tony,

On Mon, Mar 30, 2015 at 3:55 AM, Tony Finch <d...@dotat.at> wrote:
> In the security considerations, it says:
>
>
>    1. Work Factor - To make brute force inversion hard, a cryptographic
>       hash should be computationally expensive, especially for a general
>       purpose processor. But FNV is designed to be very inexpensive on a
>       general-purpose processor. (See Appendix A.)

OK. The text above is not very precise.

> As I understand it, the inversion resistance of crypto hash functions is not
> based on the computational cost of the function. A lot of effort is put in
> to making hashes fast, because they affect the performance of encrypted
> communication.

There are various ways to attack a hash function. One brute force way,
if you know the output, is to try inputs until you find one that
produces that output. Of course, a hash function is not literally
invertible since, in most cases, there are an infinite number of
inputs that will produce each possible output. But there are usually
other constraints on the "input" you are looking for, so, if it is
cheap enough to compute the hash function, and given the ability to
obtain vast computing resources through elastic cloud services or
botnets, this can still be a viable attack.

> AFAIK the term "work factor" is usually a synonym for the iteration count in
> higher-level functions like PBKDFs which want slowing down as computers get
> faster.

I do not agree. "work factor" is just what it says, amount of work. An
iteration count is one way to increase the work factor but I do not
consider them synonymous.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> Tony.
> --
> f.anthony.n.finch  <d...@dotat.at>  http://dotat.at

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to