NIST Releases SHA-256, SHA-512

An Anonymous Coward writes: "The National Institute of Standards and Technology (NIST) has just released a series of cryptographic hash functions (SHA-256, SHA-384, SHA-512) to work with the new Advanced Encryption Standard. Of course, they must be secure since they're designed by our good friends at the NSA."

The problem with SHA-0 was found.

[Paul+Crowley]

I can't remember the details now, but an attack on SHA-0 was found that does not work on SHA-1. Perhaps this means that the open crypto field is not as far behind the NSA as people think?

As a cryptographer I *am* inclined to trust these hash functions. Designing a back door would essentially require inventing a whole new - and much faster - way of doing public key crypto, and then hiding it from the world. And a back door into a hash function isn't as much use as one into, say, a block cipher - though we now know that all the secret tweaks NSA did on DES were aimed at increasing its strength. SHA-1 has stood the test of time where other hash functions (MD5 for example) look shaky. I strongly suspect that these are good for the purposes advertised.
--