Slashdot Mirror

← Back to Stories (view on slashdot.org)

Now From Bruce Schneier, the Skein Hash Function

Posted by timothy on from the renaissance-man dept.

An anonymous reader writes "Bruce Schneier and company have created a new hash function called Skein. From his blog entry: 'NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here's the paper."

30 of 139 comments (clear)

  1. Good to see Bruce back by CRCulver · · Score: 5, Funny

    I had long feared that the skilled cryptographer Bruce Schneier, author of Applied Cryptography , had been utterly replaced by Bruce Schneier the security consultant who peddles his wares in all of his recent lightweight publications. It's nice to see the cryptographer return.

    1. Re:Good to see Bruce back by ObsessiveMathsFreak · · Score: 5, Interesting

      Would you prefer that he had remained a quiet researcher for the last decade? Would the world be better off if he had?

      We've all seen the Schneier-Norris jokes, and it is true that he is something of a celebrity in cryptography and computer science circles. But does becoming a celebrity through making the effort to educate the public about your field automatically cheapen your worth as a scientist or researcher? Does it reduce the worth of the message?

      Celebrity has become a smear word, but smearing all celebrities reveals only our own inability to recognize true expertise and talent.

      --
      May the Maths Be with you!
    2. Re:Good to see Bruce back by norminator · · Score: 3, Insightful

      One-way hash functions are supposed to have two properties. One, they're one way. This means that it is easy to take a message and compute the hash value, but it's impossible to take a hash value and recreate the original message. (By "impossible" I mean "can't be done in any reasonable amount of time.") Two, they're collision free. This means that it is impossible to find two messages that hash to the same hash value.

      This is funny. These two properties, discounting the redefinition of impossible, are mutually exclusive. If each message hashes to a unique value, and there are no collisions, then recreating the original message from the hash is as simple as putting a million monkeys to work writing a million works of gibberish and store the hash and gibberish in a dictionary. If you instructed your monkeys to start from the smallest works of gibberish and work towards the longer works, your dictionary would be complete for any message whose length is equal to or less than the longest message in the dictionary.

      Hence Schneier's explanation of the word "impossible", which was "can't be done in a reasonable amount of time". The criteria for grading pretty much all encryption is whether it costs more in resources to break the encryption than what the decrypted information would be worth. Truly "impossible" encryption is an impossibility in and of itself. All you can do is make it not worth someone's time and effort to try to break it.

      So you're right, that the goal of cryptography (including hash functions) is contradictory, which means that some compromises must be made. The trick is finding how to make reasonable compromises so that you have a useable system that's still relatively secure (and Schneier is always the first to say that 'secure' is always relative).

      That's why Joe Schmoe can't just make up his own encryption schemes and expect it to be secure, because it's hard work and takes a lot of understanding. That's why MD5 and SHA can't last forever. That's why they're taking proposals from smart people (excuse me, teams of people) like Schneier to come up with new hash methods, which will also have a limited lifespan as people find ways to break them.

      All we can do is to come up with the best solution we can for now, and in a few years, we'll need something better.

  2. Time to get glasses by smooth+wombat · · Score: 4, Funny

    Read the title as "Skin Hash Function". For a moment, wasn't sure if this was a SFW article.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:Time to get glasses by Phreakiture · · Score: 3, Funny

      Yeah, me too. I had wondered if there was some sort of cream you could put on it.

      --
      www.wavefront-av.com
    2. Re:Time to get glasses by gardyloo · · Score: 4, Funny

      Of course! Or it gets the hose again.

  3. FYI: Skein is pronounced like vein (i.e. "skane") by Anonymous Coward · · Score: 3, Informative

    Reference: http://www.merriam-webster.com/dictionary/skein

  4. From the fpdf by Bonker · · Score: 4, Informative

    http://www.schneier.com/skein.html

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  5. Hax by mfh · · Score: 5, Interesting

    I love hearing about new functions, but the fundamental growth of the security industry has me concerned for the well-being of my cat -- HR director for a large corporation that shall remain nameless (although they dabble in web security). The growth of industry standards like SHA, typically stimulates additional growth in other market-based drives for change, and this is all pioneered by an industry that brought us the y2k bug, which was a total success. We made millions and did so in an unapologetic fashion. Keep em coming!

    Summary: I want more money, so keep hacking and we'll keep thinking up ways to protect people from ourselves.

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Hax by The+Clockwork+Troll · · Score: 5, Funny

      Did you know your uid is a prime number when interpreted in base 7 or 11?

      How do you sleep at night?

      --

      There are no karma whores, only moderation johns
  6. A likely story by Anonymous Coward · · Score: 5, Funny

    How do we know he's not just spinning a good yarn here?

    1. Re:A likely story by apathy+maybe · · Score: 4, Informative

      For those who didn't know and can't be bothered to even skim the PDF, the first footnote says:

      A âoeskeinââ"pronounced \sk Ìn\ and rhymes with âoerainââ"is a loosely coiled length of yarn or thread wound on reel.

      Of course, the copy and paste doesn't quite do it justice.

      (I blame Slashcode.)

      --
      I wank in the shower.
  7. What the hell is Threefish by ciroknight · · Score: 3, Interesting

    Certainly it's related to Blowfish and Twofish, but I cannot find a word one on Threefish outside of this document. Anyone care to explain for some good karma?

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
    1. Re:What the hell is Threefish by TorKlingberg · · Score: 5, Informative

      Threefish is the name of the block cipher part of Skein.

    2. Re:What the hell is Threefish by dnwq · · Score: 5, Informative
      Schneier, responding to 'shadowfirebird's comment on his blog:

      "Sooner or later some dumb ass is going to ask why Skein is based on Threefish, which was (apparently, according to the intertubes) broken." Threefish can't possibly be broken yet; we only just announced it yesterday. No one knew of its existence before then. I think your intertubes are clogged.

    3. Re:What the hell is Threefish by andrewd18 · · Score: 4, Funny

      Personally, I'm waiting for the cypher built on Onefish, Twofish, Redfish, and Bluefish.

    4. Re:What the hell is Threefish by Mister+Whirly · · Score: 4, Funny

      or what about Redfish and Bluefish?

      --
      "But this one goes to 11!"
    5. Re:What the hell is Threefish by Legion_SB · · Score: 3, Insightful

      Threefish is the name of the block cipher part of Skein.

      I thought Redfish and Bluefish came after Twofish.

      --
      'a';DROP TABLE users; SELECT * FROM DATA WHERE name LIKE '%'... if you're reading this, it didn't work.
  8. Bruce should go to Washington by multiOSfreak · · Score: 4, Insightful

    Bruce is the friggin' man. He ought to get some kind of advisory role in the next administration. I think his views on security in general would help straighten out a lot of FUD...assuming that anyone in Washington would actually listen to him, that is. :)

    --
    Transistors and Beer!!
  9. Sounds good, but MD5 et al. still have a place by apathy+maybe · · Score: 5, Informative

    Disclaimer: I'm not a cryptographer, and I'm not a professional (anything). This post is based on my understanding, which may be wrong. Corrections accepted and welcomed.

    Yes, MD5 is broken. Given a specific dataset with a specific MD5 hash, you can create another dataset with the same hash in minimal time (a few minutes on a modern computer).

    You should thus not use MD5 to authenticate documents and other data as being "not-tampered with". As a checksum algorithm, it should not be used.

    However, this is not the only use for hash functions. Hash functions are also used to obscure passwords. "Wait", I hear you say, "what about rainbow tables?". Wikipedia says (from the link above)

    Recently, a number of projects have created MD5 "rainbow tables" which are easily accessible online, and can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. However, if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful.

    That's right folks, if you know what you are doing, you can still use MD5.

    Basically, you have to salt your passwords before storing them in the DB (in case the DB gets broken into), send the original salt, and another (random) salt along with the login page, make sure that everyone hashes in the correct order and compare. Simplified, but I'm sure you're all intelligent enough to find what I'm talking about.

    VoilÃ, a safe method of using MD5. (As far as I know, there is still no way to convert an MD5 hash back into the original text, or even a possible original text without using a Rainbow table.)

    -----

    That said, new hashing methods are always welcome. Especially when it comes to things like checksums. (I can't believe some websites still relay on MD5...)

    --
    I wank in the shower.
    1. Re:Sounds good, but MD5 et al. still have a place by tangent3 · · Score: 5, Informative

      Yes, MD5 [wikipedia.org] is broken. Given a specific dataset with a specific MD5 hash, you can create another dataset with the same hash in minimal time (a few minutes on a modern computer).

      Wrong.
      The MD5 attacks demonstrated are collision attacks - attacks where you generate two datasets that hash to the same MD5 hash.

      What you are describing is a Preimage attack. Finding a dataset that has the same MD5 hash to an existing dataset is a different attack which is many orders of magnitude harder than collision attack, and AFAIK, has so far not been demonstrated yet for MD5.

    2. Re:Sounds good, but MD5 et al. still have a place by MostAwesomeDude · · Score: 3, Interesting

      If MD5(a) == MD5(b), then MD5(a + c) == MD5(b + c), where "a", "b", and "c" are arbitrary payloads and "+" is the concatenation operator.

      Thus, it's quite easy to craft preimages, if you're not really concerned with the contents of the resulting payload.

      Now, if given MD5(a), it's not (yet) possible to craft a possible payload "a", but I'm sure it'll be figured out soon.

      --
      ~ C.
    3. Re:Sounds good, but MD5 et al. still have a place by Lord+Ender · · Score: 4, Funny

      Given a specific dataset with a specific MD5 hash, you can create another dataset with the same hash in minimal time (a few minutes on a modern computer).

      That isn't even remotely true. MD5 has been demonstrated to be easier to break than advertised, therefore it is wise to use better hashes. But when I say "better than advertised" I'm saying defeating a good hash is about as easy as any of us getting Angelina Jolie in the sack; but someone has discovered a trick that makes defeating MD5 about as easy as bagging Paris Hilton. For all practical purposes, none of us will achieve either, but Paris is still no Angelina Jolie...

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  10. Re:FYI: Skein is pronounced like vein (i.e. "skane by Anonymous Coward · · Score: 3, Funny

    Funny, your website indicates the star trek pronunciation \'Skhaaaaaaaaan\

  11. From the article by joeflies · · Score: 3, Informative
    you're asking a recursive question - it was announced in the paper. The following is a blog post from the comments section.

    Quoted from the comments section

    "Sooner or later some dumb ass is going to ask why Skein is based on Threefish, which was (apparently, according to the intertubes) broken."

    Threefish can't possibly be broken yet; we only just announced it yesterday. No one knew of its existence before then.

    I think your intertubes are clogged.

    Posted by: Bruce Schneier at October 30, 2008 7:24 PM

    1. Re:From the article by ciroknight · · Score: 3, Insightful

      Slashdot is more of a general forum for discussion, whereas blogs typically are not. Slashdot has a better set of regular contributors and more even opinions on topics than most blogs do (due to intellectual and geographic and other biases). There are a lot of advantages to discussing things on Slashdot, like having comments prefiltered and screened for content worth reading and adjustable filters to keep the noise floor low.

      I could go on, but hopefully I've made my point.

      --
      "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
  12. Re:Bearforce Schneier? by LotsOfPhil · · Score: 3, Funny

    Oh, please don't click on the Bearforce link with your speakers turned on/up. Sorry!

    --
    This post climbed Mt. Washington.
  13. Skein, by popeye44 · · Score: 3, Interesting

    Oh what a Tangled Skein we weave.
    When we first practice to Deceive.

    A new hash has been designed
    With File Security firm in mind.

    With Threefish this Skein will defeat
    Those who would infect and mistreat

    One fish two fish red fish blue fishes
    Kiss my ass you scummy soap dishes. :-]
    Signed, Dr. Pseussdonym.

     

    --
    Inane Comments are Generously Disregarded
  14. Quick trick function stack by TiggertheMad · · Score: 5, Funny

    Personally, I'm waiting for the cypher built on Onefish, Twofish, Redfish, and Bluefish.

    I do not like it encrypting my stocks,
    I do not like it securing my box,
    I do not like it, sam-I-am.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  15. Bruce Schneier Facts by brunes69 · · Score: 4, Funny

    There are no finite state machines. There are only a series of states that Bruce Schneier allows to exist.

    Bruce Schneier can tell you where to find your GPG key into the digits of PI.

    Bruce Schneier owns a chicken that lays scrambled eggs. Whenever he wants a hard-boiled egg, he just unscrambles one.

    SHA = "Schneier has access" SHA2 = "Schneier has access - and a spare too"

    When transmitted over any socket, Bruce Schneier's public key causes libpcap to enter an infinite malloc loop.

    Bruce Schneier knows Alice and Bob's shared secret.

    Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.

    Bruce Schneier knows the state of schroedinger's cat

    When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it.

    Bruce Schneier once decrypted a box of AlphaBits.

    http://geekz.co.uk/schneierfacts/