Slashdot Mirror

← Back to Stories (view on slashdot.org)

Now From Bruce Schneier, the Skein Hash Function

Posted by timothy on from the renaissance-man dept.

An anonymous reader writes "Bruce Schneier and company have created a new hash function called Skein. From his blog entry: 'NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here's the paper."

9 of 139 comments (clear)

  1. FYI: Skein is pronounced like vein (i.e. "skane") by Anonymous Coward · · Score: 3, Informative

    Reference: http://www.merriam-webster.com/dictionary/skein

  2. From the fpdf by Bonker · · Score: 4, Informative

    http://www.schneier.com/skein.html

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  3. Re:What the hell is Threefish by TorKlingberg · · Score: 5, Informative

    Threefish is the name of the block cipher part of Skein.

  4. Sounds good, but MD5 et al. still have a place by apathy+maybe · · Score: 5, Informative

    Disclaimer: I'm not a cryptographer, and I'm not a professional (anything). This post is based on my understanding, which may be wrong. Corrections accepted and welcomed.

    Yes, MD5 is broken. Given a specific dataset with a specific MD5 hash, you can create another dataset with the same hash in minimal time (a few minutes on a modern computer).

    You should thus not use MD5 to authenticate documents and other data as being "not-tampered with". As a checksum algorithm, it should not be used.

    However, this is not the only use for hash functions. Hash functions are also used to obscure passwords. "Wait", I hear you say, "what about rainbow tables?". Wikipedia says (from the link above)

    Recently, a number of projects have created MD5 "rainbow tables" which are easily accessible online, and can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. However, if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful.

    That's right folks, if you know what you are doing, you can still use MD5.

    Basically, you have to salt your passwords before storing them in the DB (in case the DB gets broken into), send the original salt, and another (random) salt along with the login page, make sure that everyone hashes in the correct order and compare. Simplified, but I'm sure you're all intelligent enough to find what I'm talking about.

    VoilÃ, a safe method of using MD5. (As far as I know, there is still no way to convert an MD5 hash back into the original text, or even a possible original text without using a Rainbow table.)

    -----

    That said, new hashing methods are always welcome. Especially when it comes to things like checksums. (I can't believe some websites still relay on MD5...)

    --
    I wank in the shower.
    1. Re:Sounds good, but MD5 et al. still have a place by tangent3 · · Score: 5, Informative

      Yes, MD5 [wikipedia.org] is broken. Given a specific dataset with a specific MD5 hash, you can create another dataset with the same hash in minimal time (a few minutes on a modern computer).

      Wrong.
      The MD5 attacks demonstrated are collision attacks - attacks where you generate two datasets that hash to the same MD5 hash.

      What you are describing is a Preimage attack. Finding a dataset that has the same MD5 hash to an existing dataset is a different attack which is many orders of magnitude harder than collision attack, and AFAIK, has so far not been demonstrated yet for MD5.

  5. Re:What the hell is Threefish by dnwq · · Score: 5, Informative
    Schneier, responding to 'shadowfirebird's comment on his blog:

    "Sooner or later some dumb ass is going to ask why Skein is based on Threefish, which was (apparently, according to the intertubes) broken." Threefish can't possibly be broken yet; we only just announced it yesterday. No one knew of its existence before then. I think your intertubes are clogged.

  6. From the article by joeflies · · Score: 3, Informative
    you're asking a recursive question - it was announced in the paper. The following is a blog post from the comments section.

    Quoted from the comments section

    "Sooner or later some dumb ass is going to ask why Skein is based on Threefish, which was (apparently, according to the intertubes) broken."

    Threefish can't possibly be broken yet; we only just announced it yesterday. No one knew of its existence before then.

    I think your intertubes are clogged.

    Posted by: Bruce Schneier at October 30, 2008 7:24 PM

  7. Re:A likely story by apathy+maybe · · Score: 4, Informative

    For those who didn't know and can't be bothered to even skim the PDF, the first footnote says:

    A âoeskeinââ"pronounced \sk Ìn\ and rhymes with âoerainââ"is a loosely coiled length of yarn or thread wound on reel.

    Of course, the copy and paste doesn't quite do it justice.

    (I blame Slashcode.)

    --
    I wank in the shower.
  8. More submissions by LargeMythicalReptile · · Score: 2, Informative

    I expect it will take a little while for NIST to compile all the submissions and put them online. In the meantime, someone has started compiling a list (which is unofficial and incomplete, but still useful):

    http://131002.net/sha3lounge/