"Neal H. Walfield" neal@walfield.org writes:
> I'm not that familiar with Nettle's API, so I don't know if the following is sufficiently idiomatic.
> That said, we could do the following: we could add a flag to the sha1 context to indicate to the update function that it should try to detect collision attempts, we could add a few ifs to the update function to do the checks, and we could add a second function to return whether a collision was detected:
>
>     /* Enable collision detection in the update function. */
>     void sha1_check_for_collisions(struct sha1_ctx *ctx);
>     /* Return nonzero if a collision attempt was detected. */
>     int sha1_detected_collision(struct sha1_ctx *ctx);
>
> What do you think?
I think hashing should be fallible. If a collision attack is detected, no digest should be produced, because the digest has none of the properties that we usually associate with a hash digest.
If we come up with a new API anyway, we should make all hash functions fallible, because sooner or later, any algorithm may fall.
Cheers,
Justus