Slashdot Mirror


Did NIST Cripple SHA-3?

An anonymous reader writes "In the process of standardizing the SHA-3 competition winning algorithm Keccak, the National Institute of Standards and Technology (NIST) may have lowered the bar for attacks, which might be useful for or even initiated by NSA. 'NIST is proposing a huge reduction in the internal strength of Keccak below what went into final SHA-3 comp,' writes cryptographer Marsh Ray on Twitter. In August, John Kelsey, working at NIST, described (slides 44-48) the changes to the algorithm, including reduction of the bit length from 224, 256, 384 and 512-bit modes down to 128 and 256-bit modes."

2 of 169 comments

  1. Try taking Blowfish to a manager. Hahahahahahaha! by Anonymous Coward · Score: 0, Flamebait

    Try working on real software. I'm not talking about some shitty web app written in Perl. I'm talking about real software, used by corporations, academia and government. The kind of software that these organizations will pay top dollar to use.

    Say you find the need to integrate encryption into such a system. You go to your manager and suggest Blowfish. Since he's an MBA with a finance background, and hasn't heard Blowfish mentioned in any webcasts he's watched, he says, "What the fuck is a blowfish?"

    You'll try to explain it to him. You'll start talking about Bruce Schneier and the NSA and he'll say, "Fuck, son, you've been listening to too much Hootie and the Blowfish."

    Then he'll tell you to get the hell out of his office with your "hippy" ideas. He can't bring them to his boss, who can't bring them to his boss. He needs standards recognized by official bodies. He doesn't need your "open source crap".

    In the real world, what you're proposing just doesn't fly, son.

  2. Uninformed nonsense by trifish · Score: 1, Flamebait

    The guy calls himself a cryptographer, but he doesn't know what he's talking about.

    Hashes, and also any ideal random oracles, have only (n/2) security due to the so-called birthday paradox limit.

    That's why SHA-512 has only 256-bit security. This is not a weakening of the hash in any form. It is a property of any hash or RNG.

    What the slides show is that they want to reduce clutter by reducing a dozen options to two options: one high-security (256-bit security) and another fast, medium-security.
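An added example (not the commenter's code) that puts the birthday-bound point above into runnable Python: it tabulates the generic attack costs for an n-bit hash, applies the Keccak designers' published claim that generic attacks on a sponge cost about 2^(c/2) for capacity c (an assumption of this example; the page itself only names the resulting 128- and 256-bit levels), and then finds a collision on a deliberately truncated 24-bit SHA3 output in roughly 2^12 tries rather than 2^24.

```python
import hashlib
import math


def truncated_sha3(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA3-256, as an integer. Truncating models a
    short hash so the birthday effect can be observed in a few thousand tries."""
    digest = hashlib.sha3_256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def generic_attack_cost_bits(output_bits: int) -> dict:
    """Generic (structure-independent) attack costs for an ideal n-bit hash:
    preimage ~ 2**n work, collision ~ 2**(n/2) work by the birthday bound."""
    return {"preimage": output_bits, "collision": output_bits // 2}


def sponge_generic_security_bits(capacity: int) -> int:
    """Assumption of this example: the Keccak 'flat sponge claim' that generic
    attacks cost about 2**(c/2) for capacity c. c=256 -> 128, c=512 -> 256."""
    return capacity // 2


def expected_tries_for_collision(bits: int) -> float:
    """Expected number of inputs hashed before the first collision among
    2**bits possible outputs: sqrt(pi/2 * 2**bits), i.e. close to 2**(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_truncated_collision(bits: int):
    """Hash a deterministic sequence of constructed inputs ("msg-0", "msg-1",
    ...) until two distinct inputs share the same truncated digest.
    Returns (inputs_hashed, input_a, input_b)."""
    seen = {}  # truncated digest -> first input that produced it
    i = 0
    while True:
        msg = f"msg-{i}".encode()
        h = truncated_sha3(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
        i += 1


if __name__ == "__main__":
    print(generic_attack_cost_bits(512))  # SHA-512: collision work ~2**256
    print(sponge_generic_security_bits(256), sponge_generic_security_bits(512))
    n, a, b = find_truncated_collision(24)
    print(f"24-bit collision after {n} inputs "
          f"(expected ~{expected_tries_for_collision(24):.0f}): {a!r} {b!r}")
```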