On 1/2/2012 12:55 AM, Paul McMillan wrote:
> Terry Reedy said: I understood Alexander Klink and Julian Wälde, hashDoS@alech.de, as saying that they consider that using a random non-zero start value is sufficient to make the hash non-vulnerable.
>
> I've been talking to them. They're happy to look at our proposed changes. They indicate that a non-zero start value is sufficient to prevent the attack, but D. J. Bernstein disagrees with them. He also has indicated a willingness to look at our solution.
Great. My main concern currently is that there should be no noticeable slowdown for 64-bit builds, which are apparently not vulnerable and which therefore would get no benefit.
Terry Jan Reedy