Talk:WHIRLPOOL

From Wikipedia, the free encyclopedia

WikiProject on Cryptography This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.


Shameless plug disclaimer

Since the original Whirlpool page has basically put the first two revisions of WHIRLPOOL in a memory hole, I have created a tarball of some code which generates hashes for all three versions of WHIRLPOOL and linked to it on the page. And, yes, everyone should use WHIRLPOOL v3 (the current revision). Samboy 12:18, 12 Jun 2005 (UTC)

Great investigation, Samboy! I would also like to share my findings with you. In the document of the 1st revision, the WHIRLPOOL authors, Paulo Barreto and Vincent Rijmen, tell us: "We propose renaming the original algorithm Whirlpool-0 and using the term Whirlpool for the final, modified version that uses the improved S-box design." Unfortunately, they didn't make a suggestion anymore about algorithm names of previous designs in their 2nd revision doc. However, if we take the words of the 1st revision doc into account, the original algorithm should be named Whirlpool-0 rather than Whirlpool1. Jonelo 5 July 2005 21:06 (UTC)
An additional shameless plug disclaimer: a Java implementation of all three revisions of Whirlpool can be found at http://www.jonelo.de/java/jacksum - Jonelo 04:27, 17 May 2006 (UTC)

Definition of Whirlpool

SHA-* got a very nice-looking definition in pseudocode for the functions. Can someone add this to Whirlpool?

Avalanche Effect

The note describing the Avalanche Effect seems (to me) to end in an incorrect statement.

"Even a small change in the message will (with an extremely likely probability of 1 - 10^-154) result in a completely different hash, e.g. changing d to e, resulting in a message that differs only in one single bit:"

This last part contradicts the first part of the sentence ("completely different hash"). The explanations on the SHA1 and RIPEMD pages do not contain this addition.

Am I wrong?

-- Node3 18:48, 19 October 2006

Yes, you misunderstood the sentence. It means THE MESSAGE is changed one bit, thus causing THE HASH SUM to change many bits. Say you have this message: "The d day" and change it to "The e day". That means we change only one bit in the message. That is the bit that causes the middle character in that message to become an "e" instead of a "d". Since d = 1100100 and e = 1100101, at least if using any of the usual character sets. But yeah, that sentence is easy to misunderstand and probably should be changed to something clearer. Perhaps with a link to avalanche effect.
Besides, that sentence expresses the collision risk in a hard-to-understand way. It is a 512-bit hash sum, thus the collision risk is about 1 in 2^512. That corresponds to 1 in 10^154. Which can be expressed as the non-collisions are 1 - 2^-512 or 1 - 10^-154 (that is 0.99999...) but that is an awkward way to state it. I'd prefer to say something like: "Since it is a 512 bit hash sum the risk of getting the same hash sum is about 1 in 2^512."
--David Göthberg 22:51, 19 October 2006 (UTC)
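The one-bit message change discussed in this thread, as an added example that is not part of the original talk page: it measures how many digest bits change when "The d day" becomes "The e day", and averages the same measurement over every possible single-bit flip of the message. Assumptions: SHA-512 from Python's `hashlib` stands in for WHIRLPOOL (both produce 512-bit digests; WHIRLPOOL itself is not guaranteed to be available in `hashlib`), and all function names are hypothetical.

```python
import hashlib

def bits_differing(a: bytes, b: bytes) -> int:
    """Hamming distance in bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def digest(msg: bytes) -> bytes:
    # Assumption: SHA-512 used as a 512-bit stand-in, not WHIRLPOOL itself.
    return hashlib.sha512(msg).digest()

def single_bit_flips(msg: bytes):
    """Yield every message that differs from msg in exactly one bit."""
    for i in range(len(msg) * 8):
        flipped = bytearray(msg)
        flipped[i // 8] ^= 1 << (i % 8)
        yield bytes(flipped)

def mean_avalanche(msg: bytes) -> float:
    """Average number of digest bits changed over all single-bit flips."""
    base = digest(msg)
    dists = [bits_differing(base, digest(m)) for m in single_bit_flips(msg)]
    return sum(dists) / len(dists)

# Messages taken from the discussion above.
MSG_D = b"The d day"
MSG_E = b"The e day"

def report() -> dict:
    return {
        # 'd' = 0x64 and 'e' = 0x65 differ only in the lowest bit.
        "message_bits_changed": bits_differing(MSG_D, MSG_E),
        # A well-behaved 512-bit hash flips roughly half of its output bits.
        "digest_bits_changed": bits_differing(digest(MSG_D), digest(MSG_E)),
        "mean_over_all_flips": mean_avalanche(MSG_D),
        # 2^512 has 155 decimal digits, i.e. it is on the order of 10^154.
        "decimal_digits_of_2_512": len(str(2 ** 512)),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```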

Editing

In the statement "Even a small change in the message will (with an extremely likely probability of 1 - 10^-154) result in a completely different hash, e.g. changing d to e, resulting in a message that differs only in one single bit:", the part sentence itself as well as the blocked demonstrations of the algorithm seem to contradict what is contained in the parenthesis.

-- ASBands 23:16, 27 October 2006