<div dir="ltr"><div class="gmail_extra"><div>Since a hash function is effectively a PRF as opposed to a PRP, you run the possibility of collisions and therefore have to account for the birthday bound/pigeonhole principle. For a given security level, you take the square of the key size you would otherwise use with a symmetric cipher.</div><div><br></div>-- <br><div class="gmail_signature">Tony Arcieri<br></div>
</div></div>