NIST Announces Round 1 Candidates For SHA-3 Competition

jd writes "NIST has announced the round 1 candidates for the Cryptographic Hash Algorithm Challenge. Of the 64 who submitted entries, 51 were accepted. Of those, in mere days, one has been definitely broken, and three others are believed to have been. At this rate, it won't take the couple of years NIST was reckoning to whittle down the field to just one or two. (In comparison, the European Union version, NESSIE, received just one cryptographic hash function for its contest. One has to wonder if NIST and the crypto experts are so concerned about being overwhelmed with work for this current contest, why they all but ignored the European effort. A self-inflicted wound might hurt, but it's still self-inflicted.) Popular wisdom has it that no product will have any support for any of these algorithms for years — if ever. Of course, popular wisdom is ignoring all Open Source projects that support cryptography (including the Linux kernel) which could add support for any of these tomorrow. Does it really matter if the algorithm is found to be flawed later on, if most of these packages support algorithms known to be flawed today? Wouldn't it just be geekier to have passwords in Blue Midnight Wish or SANDstorm rather than boring old MD5, even if it makes no practical difference whatsoever?"

Formally, the hash is an N^0{h/v} problem

But when you factor in the pseudo-dimensional effects of iterative chromation on large samples (such as taken by Russian credit-card fraudsters and other phishers) the vulnerability of N^0{h/v} collapses to the degenerate case as v becomes very large, like my balls.

YUO FAoIL IT!!

as those non gay, a6ain. There are

Re:I'd ignore the Europeans too

[bugs2squash]

There's probably little need to test it - it will never be used anyway if its chosen by the Euros.

By being chosen as a standard by Europe, it could wind up being the only known effective implementation of security through obscurity.