NIST Opens Competition for a New Hash Algorithm

Invisible Pink Unicorn writes "The National Institute of Standards and Technology has opened a public competition for the development of a new cryptographic hash algorithm, which will be called Secure Hash Algorithm-3 (SHA-3), and will augment the current algorithms specified in the Federal Information Processing Standard (FIPS) 180-2. This is in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design. Submissions are being accepted through October 2008, and the competition timeline indicates that a winner will be announced in 2012."

Encryption != Hashing

[rock217]

Encryption implies that you can reconstruct the original string from the encoded. Methods like md5, sha1, etc are one way algorithms that cannot be reversed* in a realistic amount of time.



* - Rainbow tables

Re:Encryption != Hashing

[TechyImmigrant]

When hashing a data set larger than the resulting digest, it cannot be reversed at all. However you can find collisions which is handy if you want to subvert the PKI hierarchy that protects web transactions.

Re:Encryption != Hashing

[Comatose51]

Rainbow tables won't help you get the old message back since pretty much by definition or pigeonhole theorem there is more than one plaintext that can generate the same hash. Breaking a hash algorithm usually involves finding a plaintext that generates the specific hash, thus fooling the victim into thinking that plaintext was the original one.

Or imagine this: you have a simple hash function that takes all the letters in a message, turns them into number based on their place in the alphabet, and adds them up to generate the sum. If that sum goes over 10,000 then it would do a mod 10,000 to wrap it around. There's an infinite number of plaintexts that can generate the exact same hash based on this hash algorithm. However, what you can never do is figure out which specific one generated it.

Re:Very similar to the AES competition

[lgw]

1) That the NSA is so amazingly far ahead of everyone else in crypto that they were able to find something in AES that no one else has in over a decade. When the DES standard was created, the NSA was so amazing far ahead of everyone else that they were able to find somehting in DES that no one else found for over a decade. The NSA provided very specific technical advice (without explanation) that was followed in the creation of DES. Many years later, the rest of the world caught up and discovered that the NSA had corrected a very subtle weakness in DES.

The NSA has an actual track record here, and their motives have proven good so far. However, they claim that (due to lack of funding and too much competition from financial firms for math PhDs) they aren't so far ahead any more.

Re:Very similar to the AES competition

[Llywelyn]

It is worth emphasizing that the NSA has said that AES 128/192/256 can be used to protect information up to the secret level, and that top secret information can be secured with AES 192 or 256. That's a pretty strong statement coming from the NSA, which if acting rationally they would not want to leave weaknesses in something that is used to secure information that would be, by definition, "very damaging to the US and its interests if released."

Now, it is possible that such statements are just for show, but it takes a belief that they are playing an incredulously deep game that they would make those statements as a denial and deception practice.

Re:No, you're right.

[smallfries]

Maybe you should chase the etymology one level deeper. If the original data cannot be recovered then it is not "hidden" but "destroyed". You may not believe that the term encryption means a two-way process with an available decryption function - but that is the definition that the crypto community uses, and so it's good enough for me.

Re:Encryption == Something to Hide

[flosofl]

One very simple attack was changing the grades in a school system. The school encrypted the grades, so they thought they were safe from change. The failed students hacked into the system, and just changed their data to the same data held against students they knew had done well. Anyway, that's just one way that encryption doesn't protect you against malicious modification. It gets a lot sneakier the more you look into it.

What was the school using, ROT13? It sounds like they were using a substitution cipher not a modern algorithm. If they had been using any kind of real encryption, there would be no way that technique would be possible. Some of the tests that modern encryption algorithms have to face are frequency analysis (which substitution ciphers fail) and known plain text attacks (I assume the students had access to the encrypted txt and their real information). Other than the school using a centuries old, easily defeated technique I call bullshit.

Modern encryption *does* protect you from malicious altering of information. I encourage you to read up on Message Authentication Code (and all it's sundry relatives, UMAC, HMAC, CMAC). By changing just one character in an encrypted block, you have just caused the MAC to show a mismatch and invalidate the integrity and authenticity of the data. Unless they have the key used for encryption (which would raise the question of why they simply substituted characters in an encrypted field), they are shit out of luck trying to fool anyone. Yes, the cipher block is useless, but no one will be "tricked" by the changed grade, either.

Re:Very similar to the AES competition

[James+Youngman]

If the NSA really is so good that they can outdo the entire rest of the crypto community, well then they can probably break pretty much any of the cryptosystems out there.

Actually I think you're right, but to play Devil's Advocate for a moment, I will note that the UK government agency GCHQ developed a public-key cryptosystem between 1969 and 1973, significantly before Diffie and Hellman's (apparently) ground-breaking paper. So, government agencies are quite capable of beating the public state of the art and not telling anyone about it.

Oh no doubt

[Sycraft-fu]

And there's evidence that the NSA understood quite a bit more about cryptography back in the DES days based on a change they made ot it that hardened it against an as of yet unknown kind of attack.

However being a bit ahead in terms of creating a system is real different form being far enough ahead to break systems. To mistrust the NSA on AES means you figure that they know enough to know how to break it, and that they figure the knowledge is so far advanced that no one else will figure it out. One of the NSA's jobs is actually "To achieve information assurance for information infrastructures critical to U.S. national security interests." They are tasked with things like making sure that US financial systems aren't broken in to, hence things like DES/AES. As such if they knowingly allowed a breakable cryptosystem to become the standard and it was in fact broken, they'd have failed in that and have shit to answer for.

So while I certainly believe they are the best in the business, and while I'd not be surprised to discover they know things that public does not, it would imply a staggering advance in cryptography for them to be able to break AES and figure that the public can't. In fact, it would probably imply something along the Tom Clancy lines of a computer that could break ANY machine based cypher and as such no matter what crypto you used short of a one time pad, you'd be screwed.

I just don't find it reasonable to believe that. I find it more reasonable to believe that since good crypto is out there anyhow, and since their job is to protect US interests, that they did an honest analysis of AES and found it to be highly secure, just as everyone else did.