Now From Bruce Schneier, the Skein Hash Function
An anonymous reader writes "Bruce Schneier and company have created a new hash function called Skein. From his blog entry: 'NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here's the paper."
I had long feared that the skilled cryptographer Bruce Schneier, author of Applied Cryptography, had been utterly replaced by Bruce Schneier the security consultant who peddles his wares in all of his recent lightweight publications. It's nice to see the cryptographer return.
I love hearing about new functions, but the fundamental growth of the security industry has me concerned for the well-being of my cat -- HR director for a large corporation that shall remain nameless (although they dabble in web security). The growth of industry standards like SHA, typically stimulates additional growth in other market-based drives for change, and this is all pioneered by an industry that brought us the y2k bug, which was a total success. We made millions and did so in an unapologetic fashion. Keep em coming!
Summary: I want more money, so keep hacking and we'll keep thinking up ways to protect people from ourselves.
The dangers of knowledge trigger emotional distress in human beings.
How do we know he's not just spinning a good yarn here?
Threefish is the name of the block cipher part of Skein.
Disclaimer: I'm not a cryptographer, and I'm not a professional (anything). This post is based on my understanding, which may be wrong. Corrections accepted and welcomed.
Yes, MD5 is broken. Given a specific dataset with a specific MD5 hash, you can create another dataset with the same hash in minimal time (a few minutes on a modern computer).
You should thus not use MD5 to authenticate documents and other data as being "not-tampered with". As a checksum algorithm, it should not be used.
However, this is not the only use for hash functions. Hash functions are also used to obscure passwords. "Wait", I hear you say, "what about rainbow tables?". Wikipedia says (from the link above)
That's right folks, if you know what you are doing, you can still use MD5.
Basically, you have to salt your passwords before storing them in the DB (in case the DB gets broken into), send the original salt, and another (random) salt along with the login page, make sure that everyone hashes in the correct order and compare. Simplified, but I'm sure you're all intelligent enough to find what I'm talking about.
Voilà, a safe method of using MD5. (As far as I know, there is still no way to convert an MD5 hash back into the original text, or even a possible original text without using a Rainbow table.)
-----
That said, new hashing methods are always welcome. Especially when it comes to things like checksums. (I can't believe some websites still rely on MD5...)
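The salted challenge-response login the comment above sketches, written out as an added example for this page (it is not the commenter's code and not part of the original thread). The server stores only a salt and H(salt || password); the login page carries that salt plus a fresh random nonce; the client answers with H(nonce || H(salt || password)); the server recomputes the same value from its stored hash and compares. The names `PasswordStore`, `login_page`, `client_response` and `demo` are hypothetical, the hash algorithm is a parameter so the comment's MD5 can be substituted (the SHA-256 default is an editorial choice), and the inner-then-outer hashing order is one concrete reading of the "correct order" the comment leaves unspecified.

```python
import hashlib
import hmac
import os

# Assumption: the digest is pluggable; SHA-256 as default is this example's
# choice, not something the comment specifies (it discusses MD5).
DEFAULT_ALGO = "sha256"


def H(data: bytes, algo: str = DEFAULT_ALGO) -> bytes:
    """Plain digest of `data` under the chosen algorithm."""
    return hashlib.new(algo, data).digest()


class PasswordStore:
    """Server side of the scheme (hypothetical class, constructed for this example).

    The database keeps only (salt, H(salt || password)) per user, so a dump of it
    reveals no passwords; the nonce issued with each login page is remembered
    until it is consumed, so a captured response cannot be replayed.
    """

    def __init__(self, algo: str = DEFAULT_ALGO):
        self.algo = algo
        self._users = {}    # username -> (salt, stored_hash)
        self._pending = {}  # username -> nonce issued with the current login page

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, H(salt + password.encode(), self.algo))

    def login_page(self, username: str):
        """Step 1: hand the user's stored salt plus a fresh random nonce to the client."""
        salt, _ = self._users[username]
        nonce = os.urandom(16)
        self._pending[username] = nonce
        return salt, nonce

    def verify(self, username: str, response: bytes) -> bool:
        """Step 3: recompute H(nonce || stored_hash) from the stored value and compare."""
        nonce = self._pending.pop(username, None)  # each nonce is usable exactly once
        if nonce is None or username not in self._users:
            return False
        _, stored = self._users[username]
        expected = H(nonce + stored, self.algo)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def client_response(password: str, salt: bytes, nonce: bytes,
                    algo: str = DEFAULT_ALGO) -> bytes:
    """Step 2, on the client: inner hash H(salt || password), then outer hash H(nonce || inner).

    The order must match what the server recomputes; that is the "correct order"
    the comment refers to.
    """
    inner = H(salt + password.encode(), algo)
    return H(nonce + inner, algo)


def demo(algo: str = DEFAULT_ALGO):
    """One good login, one wrong-password attempt, one replay; returns the three verdicts."""
    store = PasswordStore(algo)
    store.register("alice", "correct horse battery")  # constructed sample user

    salt, nonce = store.login_page("alice")
    good_response = client_response("correct horse battery", salt, nonce, algo)
    ok = store.verify("alice", good_response)

    salt, nonce = store.login_page("alice")
    wrong = store.verify("alice", client_response("wrong password", salt, nonce, algo))

    # Replaying the earlier good response: its nonce was consumed and a new one issued.
    store.login_page("alice")
    replayed = store.verify("alice", good_response)
    return ok, wrong, replayed


if __name__ == "__main__":
    print(demo())
```

The scheme relies on the hash being hard to invert (preimage resistance), not on collision resistance, which is the distinction the comment is drawing. One property to keep in mind when deploying it: the stored value H(salt || password) is itself enough to compute valid responses, so a stolen database still lets an attacker log in to this server even though it does not reveal the passwords themselves.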
I wank in the shower.
Personally, I'm waiting for the cypher built on Onefish, Twofish, Redfish, and Bluefish.
I do not like it encrypting my stocks,
I do not like it securing my box,
I do not like it, sam-I-am.
HA! I just wasted some of your bandwidth with a frivolous sig!