Now From Bruce Schneier, the Skein Hash Function
An anonymous reader writes "Bruce Schneier and company have created a new hash function called Skein. From his blog entry: 'NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here's the paper.'"
Bruce is the friggin' man. He ought to get some kind of advisory role in the next administration. I think his views on security in general would help straighten out a lot of FUD...assuming that anyone in Washington would actually listen to him, that is. :)
Transistors and Beer!!
Cryptography: Unique in computing in that it is a field where the so-called experts really are experts
--modified from Jack Handy
MD5 should have been scrapped years ago. There is absolutely no excuse for using it anymore.
Well, I still use it as a replacement for cksum to make checksum files for DVDs and the like (which is not a security critical task). It runs marginally faster than cksum (and much faster than sha1sum) on my machine, and the 'md5sum -c' option lets me conveniently verify whole directory trees.
And how do you think PGP signs something? It takes a checksum of it (hopefully avoiding md5) and passes that through the signature algorithm (RSA or something similar). So you can't avoid the checksum (hash function) by using PGP.
Threefish is the name of the block cipher part of Skein.
I thought Redfish and Bluefish came after Twofish.
'a';DROP TABLE users; SELECT * FROM DATA WHERE name LIKE '%'... if you're reading this, it didn't work.
Slashdot is more of a general forum for discussion, whereas blogs typically are not. Slashdot has a better set of regular contributors and more even opinions on topics than most blogs do (due to intellectual and geographic and other biases). There are a lot of advantages to discussing things on Slashdot, like having comments prefiltered and screened for content worth reading and adjustable filters to keep the noise floor low.
I could go on, but hopefully I've made my point.
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
For more info about Bruce: http://geekz.co.uk/lovesraymond/archive/bruce-schneier-facts
One-way hash functions are supposed to have two properties. One, they're one way. This means that it is easy to take a message and compute the hash value, but it's impossible to take a hash value and recreate the original message. (By "impossible" I mean "can't be done in any reasonable amount of time.") Two, they're collision free. This means that it is impossible to find two messages that hash to the same hash value.
This is funny. These two properties, discounting the redefinition of impossible, are mutually exclusive. If each message hashes to a unique value, and there are no collisions, then recreating the original message from the hash is as simple as putting a million monkeys to work writing a million works of gibberish and storing the hash and gibberish in a dictionary. If you instructed your monkeys to start from the smallest works of gibberish and work towards the longer works, your dictionary would be complete for any message whose length is equal to or less than the longest message in the dictionary.
Hence Schneier's explanation of the word "impossible", which was "can't be done in a reasonable amount of time". The criteria for grading pretty much all encryption is whether it costs more in resources to break the encryption than what the decrypted information would be worth. Truly "impossible" encryption is an impossibility in and of itself. All you can do is make it not worth someone's time and effort to try to break it.
So you're right, that the goal of cryptography (including hash functions) is contradictory, which means that some compromises must be made. The trick is finding how to make reasonable compromises so that you have a usable system that's still relatively secure (and Schneier is always the first to say that 'secure' is always relative).
That's why Joe Schmoe can't just make up his own encryption schemes and expect it to be secure, because it's hard work and takes a lot of understanding. That's why MD5 and SHA can't last forever. That's why they're taking proposals from smart people (excuse me, teams of people) like Schneier to come up with new hash methods, which will also have a limited lifespan as people find ways to break them.
All we can do is to come up with the best solution we can for now, and in a few years, we'll need something better.
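The "million monkeys" dictionary from the comment above, worked through as an added example that is not part of the thread. Skein is not in Python's standard library, so a SHA-256 output truncated to 16 bits stands in for a tiny hash (an assumption of the example): the dictionary does invert it with one lookup, but the same counting shows why the table can never be collision-free once the messages outnumber the possible outputs, so both properties only hold in the "not in any reasonable amount of time" sense of the quoted definition.

```python
import hashlib
from itertools import product

def truncated_hash(msg: bytes, bits: int) -> int:
    """Toy hash: SHA-256 with only the top `bits` bits kept (stand-in for Skein).

    Constructed for the demonstration; shortening the output is what makes the
    dictionary feasible to build on a laptop.
    """
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)

def build_dictionary(bits: int, max_len: int) -> dict[int, list[bytes]]:
    """The commenter's 'million monkeys' table: hash -> every message of at most
    max_len bytes that produces it, built shortest-first as the comment suggests."""
    table: dict[int, list[bytes]] = {}
    for length in range(max_len + 1):
        for tup in product(range(256), repeat=length):
            msg = bytes(tup)
            table.setdefault(truncated_hash(msg, bits), []).append(msg)
    return table

def find_preimages(table: dict[int, list[bytes]], h: int) -> list[bytes]:
    """Once the dictionary exists, 'inverting' the hash is a plain lookup."""
    return table.get(h, [])

def forced_collisions(table: dict[int, list[bytes]]) -> int:
    """Number of messages that share an output with an earlier message."""
    return sum(len(msgs) - 1 for msgs in table.values())

def messages_up_to(max_len: int) -> int:
    """How many distinct byte strings have length 0..max_len."""
    return sum(256 ** n for n in range(max_len + 1))

if __name__ == "__main__":
    BITS, MAX_LEN = 16, 2
    table = build_dictionary(BITS, MAX_LEN)
    target = truncated_hash(b"hi", BITS)
    print("preimages of", hex(target), "->", find_preimages(table, target))
    # 65793 messages into 65536 outputs: at least 257 collisions, whatever the hash is.
    print("messages:", messages_up_to(MAX_LEN), "outputs:", 2 ** BITS,
          "collisions:", forced_collisions(table))
    # Same arithmetic for a 256-bit output: the table stops being collision-free as
    # soon as messages reach the output length, and it would need over 2**256 entries.
    print("32-byte messages exceed 2**256 outputs:", messages_up_to(32) > 2 ** 256)
```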