Slashdot Mirror

← Back to Stories (view on slashdot.org)

SHA-3 Second Round Candidates Released

Posted by Soulskill on from the narrowing-the-field dept.

Jeremy A. Hansen writes "NIST just announced their selections for algorithms going to the second round of the SHA-3 competition. Quoting: 'NIST received 64 SHA-3 candidate hash function submissions and accepted 51 first round candidates as meeting our minimum acceptance criteria. We have now selected 14 second round candidates to continue in the competition. Information about the second round candidate algorithms will be available here. We were pleased by the amount and quality of the cryptanalysis we received on the first round candidates, and more than a little amazed by the ingenuity of some of the attacks. ... In selecting this set of second round candidates we tried to include only algorithms that we thought had a chance of being selected as SHA-3. We were willing to extrapolate higher performance for conservative designs with apparently large safety factors, but comparatively unforgiving of aggressive designs that were broken, or nearly broken during the course of the review. We were more willing to accept disquieting properties of the hash function if the designer had apparently anticipated them, than if they were discovered during the review period, even if there were apparent fixes. We were generally alarmed by attacks on compression functions that seemed unanticipated by the submitters.'"

10 of 62 comments (clear)

  1. I was a little worried by Omnifarious · · Score: 3, Interesting

    I was a little worried by the plethora of submissions. I was worried it would take them forever to decide. But luckily they've been rather ruthless in culling for the third round. Given the data available on the The SHA-3 Zoo they chose wisely.

    Personally, I think Skein is interestingly feature rich, which both worries and intrigues me. Looking it appears that all the features are built on a core in which the real security lies, so I'm not too worried. Skein's core in fact appears to be extremely simple.

    --
    Need a Python, C++, Unix, Linux develop
    1. Re:I was a little worried by OverlordQ · · Score: 3, Funny

      Well Bruce Schneier helped write it, this is the same man that once decrypted a box of AlphaBits.

      --
      Your hair look like poop, Bob! - Wanker.
    2. Re:I was a little worried by Omnifarious · · Score: 4, Interesting

      I consider Bruce Scheier as a cryptographer to be sort of like Carl Sagan as an astronomer. I think he is a competent cryptographer, but I think he has much greater value as a person who can speak cogently about the issues surrounding cryptography.

      In this case, my guess is that he led the overall vision of how Skein should work but that the other people who worked on the algorithm filled in the details. In particular, I strongly suspect that Niels Ferguson is principally responsible for the core algorithm. Of course, pulling apart any particular collaboration and looking for the efforts of individuals can be tricky and error prone at best.

      --
      Need a Python, C++, Unix, Linux develop
    3. Re:I was a little worried by mTor · · Score: 4, Interesting

      Skein is getting a lot of attention because Bruce Schneier is one of it's authors. It's a fine algorithm. Personally, after going through a bunch of them, I like BLAKE the best since its extremely simple and relies on old and proven functions that have withstood the test of time. Not to mention that it's extremely fast. I also like Blue Midnight Wish. I think the NIST will pick one of these three.

    4. Re:I was a little worried by FooAtWFU · · Score: 4, Funny

      Well Bruce Schneier helped write it, this is the same man that once decrypted a box of AlphaBits.

      That's actually bad news: Anybody can invent a cryptosystem he cannot break himself. Except Bruce Schneier.

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    5. Re:I was a little worried by Omnifarious · · Score: 3, Interesting

      The thing I like about Skein is its tree mode. I've been working on a parallelizing version of sha256sum to see if I can speed up the generation of hashes 4-fold with my dual-core dual-processor system.

      I also like the ways you can make it unique for a given usage. This will help make it more resistant to various kinds of attacks when used in particular applications and mitigate the effect of certain kinds of algorithm weaknesses if they're discovered.

      But yeah, there are other candidates, and I'm more interested in the highest possible quality algorithm coming out of the process than I am in having my particular horse win.

      --
      Need a Python, C++, Unix, Linux develop
    6. Re:I was a little worried by Martin+Blank · · Score: 3, Interesting

      I knew about Schneier being involved from early on, but I just noticed Bernstein made the last cut. Considering Bernstein's thoroughness (64-bit timestamps in his programs, and didn't he once talk about writing his own filesystem to address an external limitation that slowed down qmail?), I am very intrigued at how well CubeHash will do. He apparently admits that it suffers from some performance problems, but also says that he over-engineered it, and that it can be scaled back to improve speed while losing little in the way of security.

      Of the 14 candidates going into this round, his is one of only six that hasn't had to be revised so far. Of course, that he seems to have designed it completely on his own may work against him.

      --
      You can never go home again... but I guess you can shop there.
    7. Re:I was a little worried by letsief · · Score: 3, Interesting

      Depending on what you call a revision, Bernstein just revised CubeHash. A few days ago he posted a parameter tweak that significantly increases performance at the cost of some security. You can read about his tweak on his website at: http://cubehash.cr.yp.to/submission/tweak.pdf

    8. Re:I was a little worried by Skuto · · Score: 3, Informative

      >The thing I like about Skein is its tree mode.

      Pretty much every hash in the competition can work in tree mode. Not all submitters defined a tree mode, but that shouldn't stop NIST from defining a good one.

      There are better performers than Skein, so unless those are all seriously weakened I doubt it can win. Skein looks good on high end hardware, and not so good on anything else (compared to some other top competitors).

  2. Hey, cool! by jd · · Score: 3, Interesting

    One of my favourites (Blue Midnight Wish) made it through, and one of the others with a really cool name (SandSTORM) wasn't broken in the 1st round.

    Yes, I know, that's NOT how to pick hash functions, but you've got to admit that cryptography isn't capturing the popular imagination at the present time, leaving data dangerously insecure. I believe that part of this is because most popular crypto-related functions (and cryptographic hashing is definitely one) have names that are a turnoff.

    Once upon a time, computing was for "the Egg Heads" and anyone daring to mention computers was automatically One Of Them. The Apple made computing sexy and it became fashionable.

    Cryptography has to do the same thing, if security is to be meaningful. Otherwise, it will remain for "Egg Heads Only" and we will continue to see horrific losses from naive and pathetic practices by people trying to avoid being tarred as geeky.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)