Slashdot Mirror


Schneier On the US Crypto Competition

Bruce Schneier has a commentary in Wired titled An American Idol for Crypto Geeks on the US government's competition for a new cryptographic hash function to become the national standard, covered here recently. He talks about how much the competition, slated to wrap up by 2011, will advance the cryptographic state of the art. And how much fun he expects to have.

17 of 58 comments

  1. Terrorists?? by MrShaggy · · Score: 5, Funny

    But I thought that it was only terrorists that use encryption??

    --
    I have mod points and I am not afraid to use them.
  2. Donald Rumsfeld is the early favourite by Timesprout · · Score: 2, Funny

    After submitting some of his more cryptic speeches.

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  3. American Idol? by CerebusUS · · Score: 3, Funny

    Please, oh please oh please don't let there be a William Hung to spring from this.

    1. Re:American Idol? by forkazoo · · Score: 2, Funny

      Please, oh please oh please don't let there be a William Hung to spring from this.


      Maybe this guy should submit his work. He'd be right about on William Hung's level of competitiveness....
      http://xkcd.com/c153.html
  4. Fun ??? by jfbus · · Score: 3, Funny

    And how much fun he expects to have. Sometimes, I wonder whether we live in the same world...
    1. Re:Fun ??? by realnowhereman · · Score: 4, Funny

      Repeat after me. It's okay. This is a site for geeks. I don't have to pretend to be cool here. Being interested in encryption does not make me a bad person. I am not in high school any more.

      --
      Carpe Daemon
  5. SHA-256? by Bromskloss · · Score: 2, Interesting

    What about SHA-512?

    --
    Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
    1. Re:SHA-256? by Phleg · · Score: 3, Interesting

      It uses a word size of 64 bits, so is not as fast on 32-bit computers. Also, I believe it's received less scrutiny than SHA-256. IANAC.

      --
      No comment.
    2. Re:SHA-256? by archen · · Score: 5, Insightful

      If your algorithm is showing weaknesses, then throwing more bits at the problem is best reserved as a temporary solution. At the worst this competition will just give us an alternative hash algorithm, and that is probably reason enough to have it.

    3. Re:SHA-256? by kestasjk · · Score: 2, Insightful

      Also it's still based on the SHA-1 algorithm that was "broken".
      For practical purposes even SHA-1 is still reasonably safe, but it'd be best to learn from the cryptanalysis and research of almost two decades if we're going to make everyone change their hashing algorithm anyway.

      --
      // MD_Update(&m,buf,j);
  6. That man gets everywhere by hawkinspeter · · Score: 4, Funny
    --
    You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
  7. Re:Whirlpool by MostAwesomeDude · · Score: 3, Informative

    The patents (or lack thereof) have not had effects on cryptography endorsements before. One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions. One common use is for LUKS or Truecrypt hard drive encryption, and another is in BSD password hashes (the idea being that it takes the cipher about two seconds to reset itself internally each time a password is guessed, and so even with the ciphertext, the password takes a longer time to crack.)

    --
    ~ C.
  8. I Win! by lottameez · · Score: 2, Funny

    73 32 76 105 110 33

    --
    Yeah? Well I think you're overrated too.
    1. Re:I Win! by LordP · · Score: 2

      Nooo... 4 8 15 16 23 42

      --
      Nothing is so smiple that it can't be screwed up.
  9. They're seeking to find unSHA func or bigger word bit by rogtioko · · Score: 3, Interesting
    NIST is either looking for an entirely revolutionary function to the SHA series, considering the emphasis that SHA-1 has been around since 1995, or seeking a function that supplies words greater than 64 bits and also, albeit distantly, 256 bits and higher to counter higher chunk rate processors. If they're looking for something different than SHA, here are factors they are considering: the fact that all the SHA hashes after SHA-1 use part, maybe all, of SHA-1's 4 functions and vary only by the function's output word bit size, which SHA-256 and SHA-384/512 change with summation functions into the mix. For example, here are SHA-1's functions:

    $$
    f_t(x,y,z) = \begin{cases}
      \mathrm{Ch}(x,y,z) = (x \wedge y) \oplus (\neg x \wedge z) & 0 \le t \le 19 \\
      \mathrm{Parity}(x,y,z) = x \oplus y \oplus z & 20 \le t \le 39 \\
      \mathrm{Maj}(x,y,z) = (x \wedge y) \oplus (x \wedge z) \oplus (y \wedge z) & 40 \le t \le 59 \\
      \mathrm{Parity}(x,y,z) = x \oplus y \oplus z & 60 \le t \le 79
    \end{cases} \qquad (4.1)
    $$

    and SHA-384 and SHA-512 functions

    $$\mathrm{Ch}(x,y,z) = (x \wedge y) \oplus (\neg x \wedge z) \qquad (4.8)$$

    $$\mathrm{Maj}(x,y,z) = (x \wedge y) \oplus (x \wedge z) \oplus (y \wedge z) \qquad (4.9)$$

    $$\Sigma_0^{\{512\}}(x) = \mathrm{ROTR}^{28}(x) \oplus \mathrm{ROTR}^{34}(x) \oplus \mathrm{ROTR}^{39}(x) \qquad (4.10)$$

    $$\Sigma_1^{\{512\}}(x) = \mathrm{ROTR}^{14}(x) \oplus \mathrm{ROTR}^{18}(x) \oplus \mathrm{ROTR}^{41}(x) \qquad (4.11)$$

    $$\sigma_0^{\{512\}}(x) = \mathrm{ROTR}^{1}(x) \oplus \mathrm{ROTR}^{8}(x) \oplus \mathrm{SHR}^{7}(x) \qquad (4.12)$$

    $$\sigma_1^{\{512\}}(x) = \mathrm{ROTR}^{19}(x) \oplus \mathrm{ROTR}^{61}(x) \oplus \mathrm{SHR}^{6}(x) \qquad (4.13)$$

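Added example, not code from the thread, from NIST or from Schneier: the FIPS 180-2 round functions quoted in the comment above, assembled into working SHA-1 and SHA-512 in Python and cross-checked against hashlib. It also illustrates the SHA-256/SHA-512 subthread higher up: the SHA-512 path works entirely on 64-bit words, which is why it is slower on 32-bit hardware. The SHA-512 constants are not copied from the standard's tables but computed from their definition in FIPS 180-2 (the first 64 fractional bits of the square roots of the first 8 primes and of the cube roots of the first 80 primes); the helper names (ch, maj, big_sigma0, _icbrt and so on) are this example's own.

```python
"""SHA-1 and SHA-512 built from the FIPS 180-2 round functions, checked against hashlib."""
import hashlib
import math
import struct

MASK32, MASK64 = (1 << 32) - 1, (1 << 64) - 1

def ch(x, y, z):      # eq. 4.1 / 4.8: (x AND y) XOR (NOT x AND z)
    return (x & y) ^ (~x & z)

def maj(x, y, z):     # eq. 4.1 / 4.9: (x AND y) XOR (x AND z) XOR (y AND z)
    return (x & y) ^ (x & z) ^ (y & z)

def parity(x, y, z):  # eq. 4.1: x XOR y XOR z
    return x ^ y ^ z

def rotl(x, n, w):    # ROTL^n on a w-bit word
    return ((x << n) | (x >> (w - n))) & ((1 << w) - 1)

def rotr(x, n, w):    # ROTR^n on a w-bit word
    return ((x >> n) | (x << (w - n))) & ((1 << w) - 1)

# SHA-512 word functions, eq. 4.10 - 4.13 (64-bit rotations and shifts)
def big_sigma0(x):
    return rotr(x, 28, 64) ^ rotr(x, 34, 64) ^ rotr(x, 39, 64)

def big_sigma1(x):
    return rotr(x, 14, 64) ^ rotr(x, 18, 64) ^ rotr(x, 41, 64)

def small_sigma0(x):
    return rotr(x, 1, 64) ^ rotr(x, 8, 64) ^ (x >> 7)

def small_sigma1(x):
    return rotr(x, 19, 64) ^ rotr(x, 61, 64) ^ (x >> 6)

def sha1(msg: bytes) -> bytes:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    k = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]
    f = [ch, parity, maj, parity]           # f_t for t in 0-19, 20-39, 40-59, 60-79
    bit_len = len(msg) * 8
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", bit_len)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for t in range(16, 80):             # message schedule: ROTL^1 of four earlier words
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1, 32))
        a, b, c, d, e = h
        for t in range(80):
            tmp = (rotl(a, 5, 32) + f[t // 20](b, c, d) + e + k[t // 20] + w[t]) & MASK32
            a, b, c, d, e = tmp, a, rotl(b, 30, 32), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)

def _first_primes(n):
    primes, cand = [], 2
    while len(primes) < n:
        if all(cand % p for p in primes):
            primes.append(cand)
        cand += 1
    return primes

def _icbrt(n):  # floor(cube root) of a big integer by Newton's method, exact
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y

# SHA-512 constants per FIPS 180-2: first 64 fractional bits of sqrt(p) (initial
# hash, first 8 primes) and cbrt(p) (round constants, first 80 primes), in exact integer arithmetic.
_PRIMES = _first_primes(80)
H512 = [math.isqrt(p << 128) & MASK64 for p in _PRIMES[:8]]
K512 = [_icbrt(p << 192) & MASK64 for p in _PRIMES]

def sha512(msg: bytes) -> bytes:
    h = list(H512)
    bit_len = len(msg) * 8
    msg += b"\x80" + b"\x00" * ((111 - len(msg)) % 128) + bit_len.to_bytes(16, "big")
    for off in range(0, len(msg), 128):
        w = list(struct.unpack(">16Q", msg[off:off + 128]))
        for t in range(16, 80):             # message schedule uses the small sigmas
            w.append((small_sigma1(w[t - 2]) + w[t - 7] + small_sigma0(w[t - 15]) + w[t - 16]) & MASK64)
        a, b, c, d, e, f, g, hh = h
        for t in range(80):                 # round uses the big sigmas plus Ch and Maj
            t1 = (hh + big_sigma1(e) + ch(e, f, g) + K512[t] + w[t]) & MASK64
            t2 = (big_sigma0(a) + maj(a, b, c)) & MASK64
            a, b, c, d, e, f, g, hh = (t1 + t2) & MASK64, a, b, c, (d + t1) & MASK64, e, f, g
        h = [(x + y) & MASK64 for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return struct.pack(">8Q", *h)

def matches_hashlib(msg: bytes) -> bool:
    """Cross-check both implementations against the platform's hashlib."""
    return (sha1(msg) == hashlib.sha1(msg).digest()
            and sha512(msg) == hashlib.sha512(msg).digest())

if __name__ == "__main__":  # constructed sample inputs
    print(all(matches_hashlib(m) for m in (b"", b"abc", b"a" * 200)))
```

Running the file prints True when both digests agree with hashlib for the constructed samples. Note how little differs between the two: Ch and Maj are shared verbatim, and SHA-512 swaps the Parity rounds and the single-bit rotate of the SHA-1 schedule for the four sigma functions on 64-bit words.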
  10. Re:Whirlpool by Ckwop · · Score: 2, Informative

    The patents (or lack thereof) have not had effects on cryptography endorsements before.

    Yes they have. In particular the AES competition required that submitters adhere to certain restrictions regarding patents.

    One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions.

    Blowfish was never an AES candidate.

    .. Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions.

    I'm not even sure what you mean here. On the whole, a slow key-schedule is a bad idea. You want your key schedule to be as fast as possible. The reason for this is that a fast key-schedule means you can target more platforms with the cipher (such as smart cards et al).

    If you want to slow down dictionary attacks there are better ways to do this. Repeatedly hashing the passphrase is more sensible since the number of hashes can be scaled to the platform speed. Stopping a brute-force of a smart card is a world different to brute-force of a PGP disk.

    Blowfish on the whole is a poor design. Now that we have AES I would recommend that over anything else.

    Simon

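Added example, not code from the thread: the "repeatedly hash the passphrase, with a count scaled to the platform" approach from the reply above, as a practitioner would deploy it. It assumes PBKDF2-HMAC-SHA256 as the concrete repeated-hash construction (the comment names none), and the record format, the calibrate/make_record/verify/needs_rehash helpers and the sample passwords are this example's own.

```python
"""Password stretching by iterated hashing, with the cost stored beside the hash
so it can be raised as hardware gets faster.  Added example, not from the page."""
import hashlib
import hmac
import os
import time

def derive(password: bytes, salt: bytes, iterations: int) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for "hash the passphrase repeatedly".
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def calibrate(target_seconds: float = 0.25, start: int = 1000) -> int:
    """Double the iteration count until one derivation costs about target_seconds
    on this machine; a smart card lands on a far smaller count than a PC would."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        derive(b"calibration", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2

# Hypothetical record format for this example: algorithm$iterations$salt$hash (hex).
# Storing the count is what lets it be raised later without resetting passwords.
def make_record(password: bytes, iterations: int, salt: bytes = b"") -> str:
    salt = salt or os.urandom(16)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${derive(password, salt, iterations).hex()}"

def verify(password: bytes, record: str) -> bool:
    alg, iterations, salt_hex, dk_hex = record.split("$")
    if alg != "pbkdf2-sha256":
        return False
    candidate = derive(password, bytes.fromhex(salt_hex), int(iterations))
    # constant-time compare so the check itself does not leak matching prefixes
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))

def needs_rehash(record: str, current_iterations: int) -> bool:
    """True when a stored record was made with fewer iterations than policy now requires."""
    return int(record.split("$")[1]) < current_iterations

if __name__ == "__main__":  # constructed sample password
    n = calibrate()
    rec = make_record(b"correct horse battery staple", n)
    print(n, verify(b"correct horse battery staple", rec), verify(b"wrong", rec))
```

The cost parameter lives in the record, so a login path can re-derive with a higher count on the next successful authentication when needs_rehash says the stored one is below policy; that is the scaling the reply has in mind, and it needs no change to the cipher or hash underneath.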
  11. Bruce could take the Simon Cowell role... by mutterc · · Score: 2, Funny

    ... insulting the inferior entries.

    (Search his site for "The Doghouse" for some smackdowns of snake-oil crypto products.)