Re: HAVAL - But which variant (and what OID?)

[nospam-seesignature@xxxxxxxxxx]

On Mon, 23 Mar 1998, Jim Gillogly wrote:

> Hal Finney writes:
> 
> > I can't find an OID assignment for HAVAL.  Peter Gutmann has a long list
> > of known security related OIDs in his dumpasn1.cfg file, but it does not
> > list HAVAL.  You might direct email to the author and ask if he knows
> > of an OID assignment.  I suspect we would need a family of OIDs, one for
> > each length/passes combination.
> 
> I wrote to the author -- he's interested but unfamiliar with the OID
> process.  Is it the case that one of us can simply define and declare
> a set of HAVAL variants that meets our needs?

The problem is that Hash Algorithm 4 is "HAVAL", but it has to mean a
specific variant.  I am setting it for 5 pass/160 bit.  128 bit might also
be good, or even 256 bit (for non-DSA).  But I would rather new has
algorithm *numbers* be assigned, e.g. HAVAL-5/160, HAVAL-3/128, etc.

> tzeruch asks:
> > And is there an implementation without copyright or patent problems?
> 
> Yes, Paulo Barreto has written a public domain implementation of HAVAL.
> It's at http://ds.dial.pipex.com/george.barwood/crypto.htm
> and is apparently correct, since the author, Yuliang Zheng, acknowledges
> that Barreto found and reported an error in the reference
> implementation.

I tried it, but I am having some problems getting it to pass its
self-test.  I also wrote the author - his page,
http://pscit-www.fcit.monash.edu.au/~yuliang/src/
gives liberal copyright terms.

--- reply to tzeruch - at - ceddec - dot - com ---