8.1-8.2

1. The most difficult part for me is the subtle differences between the properties. Pre-image resistant is that, given a specific value in the codomain, it is difficult to come up with a value in the domain that maps to it. The second property is that is is hard to find two messages that hash to the same value, so we could consider the "easiest" hash value to obtain and that should still be hard. The third is that given a message, it is hard to come up with another message that maps to the same. In this case, the hash is still fixed, but the message may be the easiest value to obtain that maps to it, and we seek a different one. Is this right?

2. I am very interested in the role of the random oracle in theoretical proofs of security. Even though one doesn't exist, it is nice to abstract such a notion away from implementation detail. On the other hand, it is that very abstraction that may lead to a practical weakness in the system.