Mention that AEGIS must not not used as a hash function

cfrg / draft-irtf-cfrg-aegis-aead

Specification for the AEGIS family of authenticated encryption algorithms.

https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html

Other

10 stars 2 forks source link

Mention that AEGIS must not not used as a hash function #19

Closed jedisct1 closed 11 months ago

jedisct1 commented 11 months ago

AEGIS is a very good and fast MAC, so it could be tempting to use it as a replacement for a hash function.

But if the key is known, inputs generating state collisions can be easily crafted. So, we should make that clear somewhere, probably in the security considerations.

samuel-lucas6 commented 11 months ago

I agree. That's a sensible place to put it.