Schneier On the US Crypto Competition

Bruce Schneier has a commentary in Wired titled An American Idol for Crypto Geeks on the US government's competition for a new cryptographic hash function to become the national standard, covered here recently. He talks about how much the competition, slated to wrap up by 2011, will advance the cryptographic state of the art. And how much fun he expects to have.

Terrorists??

[MrShaggy]

But I though that it was only terrorists that use encryption??

American Idol?

[CerebusUS]

Please, oh please oh please don't let there be a William Hung to spring from this.

Fun ???

[jfbus]

And how much fun he expects to have. Sometimes, I wonder whether we live in the same world...

Re:Fun ???

[realnowhereman]

Repeat after me. It's okay. This is a site for geeks. I don't have to pretend to be cool here. Being interested in encryption does not make me a bad person. I am not in high school any more.

Re:SHA-256?

[Phleg]

It uses a word size of 64 bits, so is not as fast on 32-bit computers. Also, I believe it's received less scrutiny than SHA-256. IANAC.

That man gets everywhere

[hawkinspeter]

http://geekz.co.uk/schneierfacts/

Re:SHA-256?

[archen]

If your algorithm is showing weaknesses, then throwing more bits at the problem is best reserved as a temporary solution. At the worst this competition will just give us an alternative hash algorithm, and that is probably reason enough to have it.

Re:Whirlpool

[MostAwesomeDude]

The patents (or lack thereof) have not had effects on cryptography endorsements before. One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions. One common use is for LUKS or Truecrypt hard drive encryption, and another is in BSD password hashes (the idea being that it takes the cipher about two seconds to reset itself internally each time a password is guessed, and so even with the ciphertext, the password takes a longer time to crack.)

Theyre sking to find unSHA func or bigger word bit

[rogtioko]

NIST is either looking for an entirely revolutionary function to the SHA series, considering the emphasis that SHA-1 has been around since 1995, or seeking a function that supplies words greater than 64bits and also but albeit distantly 256bit and higher to counter higher chunk rate processors. If they're looking for something different than SHA, here are factors they are considering: the fact that all the SHA hashes after SHA-1 use part, maybe all, of SHA-1's 4 functions and vary only by the function's output word bit size, which SHA-256 and SHA-384-512 change with summation functions into the mix. For example, here is SHA-1's functions

f subscript t (x,y,z) =

Ch(x,y,z)=(x^y) xor (complement x^z) 0 less than or = t less than or = 19

Parity (x,y,z)=x xor y xor z 20 less than or = t less than or = 39

Maj (x,y,z)=(x^y) xor (x^z) xor (y^z) 40 less than or = t less than or = 59

Parity (x,y,z)=x xor y xor z 60 less than or = t less than or = 79

(4.1)

and SHA-384 and SHA-512 functions

Ch( x,y,z) = ( x^y) xor (complement x^z) (4.8)

Maj(x,y,z) = (x^y) xor (x^z) xor (y^z) (4.9)

(big sigma subscript 0) (superscript {512}) (x) = ROTR (superscript 28) (x) xor ROTR (superscript 34) (x) xor ROTR (superscript 39)(x) (4.10)

(big sigma subscript 1) (superscript {512}) (x) = ROTR (superscript 14) (x) xor ROTR (superscript 18) (x) xor ROTR (superscript 41) (x) (4.11)

(small sigma subscript 0) (superscript {512}) x = ROTR (superscript 1) (x) xor ROTR (superscript 8)(x) xor SHR (superscript 7) (x) (4.12)

(small sigma subscript 1) (superscript {512}) x = ROTR (superscript 19) (x) xor ROTR (superscript 61) (x) xor SHR (superscript 6) (x) (4.13)