[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: scrypt Internet Draft
tor 2013-06-13 klockan 17:09 +0200 skrev Francois Grieu:
> As discussed at
> it appears that the statement made here
> > Salsa20/8 Core is not a cryptographic hash function since it is not collision-resistant.
> is (at least) causing confusion, and (I believe) is wrong, for the Salsa20/8 Core
> is intended to be collision-resistant, and is, AFAIK.
I believe that is false. Salsa20 Core is not designed to be
collision-resistant, read DJB's own page:
For example, Salsa20core(x) = Salsa20core(x + c) for c =
"0000000800000008...", thus demonstrating trivial collisions.
To be concrete, try computing Salsa20core for the the following two
the output for both inputs should be all zeros.