Jan. 20, 2012
4:04 p.m.
(I'm thinking that the original attack is trivial once the set of 65000 colliding keys is public knowledge, which must be only a matter of time.)
I have a program able to generate collisions: it takes 1 second to compute 60,000 colliding strings on a desktop computer. So the security of the randomized hash is based on the fact than the attacker cannot compute the secret. Victor