Slashdot Mirror


Now From Bruce Schneier, the Skein Hash Function

An anonymous reader writes "Bruce Schneier and company have created a new hash function called Skein. From his blog entry: 'NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here's the paper.'"


  1. Hax by mfh · · Score: 5, Interesting

    I love hearing about new functions, but the fundamental growth of the security industry has me concerned for the well-being of my cat -- HR director for a large corporation that shall remain nameless (although they dabble in web security). The growth of industry standards like SHA typically stimulates additional growth in other market-based drives for change, and this is all pioneered by an industry that brought us the Y2K bug, which was a total success. We made millions and did so in an unapologetic fashion. Keep 'em coming!

    Summary: I want more money, so keep hacking and we'll keep thinking up ways to protect people from ourselves.

    --
    The dangers of knowledge trigger emotional distress in human beings.
  2. What the hell is Threefish by ciroknight · · Score: 3, Interesting

    Certainly it's related to Blowfish and Twofish, but I cannot find word one on Threefish outside of this document. Anyone care to explain for some good karma?

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
  3. Re:Sounds good, but MD5 et al. still have a place by MostAwesomeDude · · Score: 3, Interesting

    If MD5(a) == MD5(b), then MD5(a + c) == MD5(b + c), where "a", "b", and "c" are arbitrary payloads and "+" is the concatenation operator.

    Thus, it's quite easy to craft preimages, if you're not really concerned with the contents of the resulting payload.

    Now, if given MD5(a), it's not (yet) possible to craft a possible payload "a", but I'm sure it'll be figured out soon.

    --
    ~ C.
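
The suffix property stated in the comment above comes from MD5's Merkle-Damgård chaining. The sketch below is an added example, not part of the original comment: it uses a hypothetical toy hash (`toy_hash`, with a 16-bit chaining value built from truncated MD5) so that a collision can be found in milliseconds. It assumes the two colliding inputs are block-aligned and of equal length, as the published MD5 collision pairs are.

```python
import hashlib
import struct

BLOCK = 64               # bytes per block, as in MD5
STATE = 2                # toy chaining value: 16 bits, so collisions are cheap
IV = b"\x00" * STATE     # constructed initial value for the toy hash

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated MD5 of state || block."""
    return hashlib.md5(state + block).digest()[:STATE]

def pad(msg_len: int) -> bytes:
    """MD-style padding: 0x80, zero bytes, then the 64-bit message bit length."""
    zeros = (BLOCK - 9 - msg_len % BLOCK) % BLOCK
    return b"\x80" + b"\x00" * zeros + struct.pack("<Q", msg_len * 8)

def toy_hash(msg: bytes) -> bytes:
    """Iterate the compression function over the padded message."""
    data = msg + pad(len(msg))
    state = IV
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def find_block_collision():
    """Birthday search: two distinct one-block inputs with equal chaining value."""
    seen = {}
    counter = 0
    while True:
        block = struct.pack("<Q", counter).ljust(BLOCK, b"A")
        cv = compress(IV, block)
        if cv in seen:
            return seen[cv], block
        seen[cv] = block
        counter += 1

def collision_survives_suffix(suffix: bytes) -> bool:
    """True if a colliding pair a, b still collides after appending the suffix."""
    a, b = find_block_collision()
    # After a and b the chaining values are equal, so every later block
    # (the suffix and the identical length padding) is processed identically.
    return (a != b
            and toy_hash(a) == toy_hash(b)
            and toy_hash(a + suffix) == toy_hash(b + suffix))
```

Because the chaining value is the only state carried from block to block, a hash that is not built this way, or one that finishes with an output transformation over hidden state, does not inherit the property automatically.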
  4. Re:Bruce should go to Washington by Anonymous Coward · · Score: 1, Interesting

    Didn't Bruce leave the NSA because he saw that the NSA was irreformably dedicated to violation of privacy for political gain, regardless of the pressure honest politicians put on it to stick to legitimate national security concerns?

  5. Skein, by popeye44 · · Score: 3, Interesting

    Oh what a Tangled Skein we weave.
    When we first practice to Deceive.

    A new hash has been designed
    With File Security firm in mind.

    With Threefish this Skein will defeat
    Those who would infect and mistreat

    One fish two fish red fish blue fishes
    Kiss my ass you scummy soap dishes. :-]
    Signed, Dr. Pseussdonym.

    --
    Inane Comments are Generously Disregarded
  6. Re:Good to see Bruce back by ObsessiveMathsFreak · · Score: 5, Interesting

    Would you prefer that he had remained a quiet researcher for the last decade? Would the world be better off if he had?

    We've all seen the Schneier-Norris jokes, and it is true that he is something of a celebrity in cryptography and computer science circles. But does becoming a celebrity through making the effort to educate the public about your field automatically cheapen your worth as a scientist or researcher? Does it reduce the worth of the message?

    Celebrity has become a smear word, but smearing all celebrities reveals only our own inability to recognize true expertise and talent.

    --
    May the Maths Be with you!
  7. PHP extension for the Skein hash is available by chrysalis · · Score: 1, Interesting

    A PHP extension for the Skein hash is now available.

    You can download it from:
    http://download.pureftpd.org/php-skein-hash/

  8. Re:Good to see Bruce back by MikeBabcock · · Score: 2, Interesting

    Bruce is the opposite of a traditional peddler in my view; he comes at problems from an obviously wide perspective and a deep understanding of his expertise: cryptography. I see most of his 'light-weight' contributions to security as those moments where he's trying to explain how cryptography, his passion, will not solve your problems.

    He frequently explains how cryptography doesn't implicitly guarantee security, that security is a larger process that involves many other factors of which good cryptography is only one.

    Depending on poor cryptography will of course weaken the solution should crypto be a major factor, but the design of the whole system needs to be taken into account, and that's where his frequently-cited works come into play.

    Can you actually find good examples of him NOT being insightful or seeing an issue correctly? Are you simply annoyed that he doesn't sit in the corner you've made for him as a cryptographer? I don't care if Oprah talks about weight loss; she's been through it. I care that she talks about literature, because the books she likes suck.

    Bruce can talk about process security all he likes in my world, he's good at it and doesn't mince words.

    --
    - Michael T. Babcock (Yes, I blog)