Slashdot Mirror


Did NIST Cripple SHA-3?

An anonymous reader writes "In the process of standardizing the SHA-3 competition-winning algorithm Keccak, the National Institute of Standards and Technology (NIST) may have lowered the bar for attacks, which might be useful for or even initiated by the NSA. 'NIST is proposing a huge reduction in the internal strength of Keccak below what went into final SHA-3 comp,' writes cryptographer Marsh Ray on Twitter. In August, John Kelsey, working at NIST, described (slides 44-48) the changes to the algorithm, including reduction of the bit length from 224, 256, 384 and 512-bit modes down to 128 and 256-bit modes."

1 of 169 comments

  1. Uninformed nonsense by trifish · Score: 1, Flamebait

    The guy calls himself a cryptographer, but he doesn't know what he's talking about.

    Hashes, and also any ideal random oracles, have only (n/2) security due to the so-called birthday paradox limit.

    That's why SHA-512 has only 256-bit security. This is not a weakening of the hash in any form. It is a property of any hash or RNG.

    What the slides show is that they want to reduce clutter by reducing a dozen options to two: one high-security (256-bit security) and another fast, medium-security one.
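The birthday bound the comment above appeals to can be checked empirically. The following is an added example, not code from the Slashdot story, the comment, or NIST; it truncates SHA3-256 to n bits to stand in for an arbitrary n-bit hash (the argument depends only on output length, not on Keccak's internals, and says nothing about the capacity change the story is about). The sample messages and the seed are constructed here for reproducibility. A generic collision search on a 32-bit output succeeds after roughly 2^16 hash evaluations, while a preimage search with the same budget only covers a 16-bit output, which is exactly the "n/2 for collisions, n for preimages" split the comment describes.

```python
"""Empirical illustration of the birthday bound on an n-bit hash.

The truncated hash below is SHA3-256 cut to n bits; it stands in for *any*
n-bit hash, since the birthday argument depends only on the output size.
"""
import hashlib
import math
import random
from typing import Optional, Tuple


def truncated_digest(data: bytes, n_bits: int) -> int:
    """First n_bits of SHA3-256(data), as an integer (models an n-bit hash)."""
    if not 1 <= n_bits <= 256:
        raise ValueError("n_bits must be in 1..256")
    digest = int.from_bytes(hashlib.sha3_256(data).digest(), "big")
    return digest >> (256 - n_bits)


def expected_birthday_queries(n_bits: int) -> float:
    """Expected hash evaluations before the first collision among random
    inputs to an n-bit hash: sqrt(pi/2 * 2**n), about 1.25 * 2**(n/2)."""
    return math.sqrt(math.pi / 2 * 2 ** n_bits)


def birthday_collision(n_bits: int, seed: int = 0) -> Tuple[bytes, bytes, int]:
    """Generic collision search: hash random messages until an output repeats.

    Returns (msg_a, msg_b, queries) with msg_a != msg_b and equal n-bit
    digests. Work is about 2**(n/2), which is why an n-bit hash offers only
    n/2 bits of collision resistance.
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    seen = {}                  # truncated digest -> message that produced it
    queries = 0
    while True:
        msg = rng.getrandbits(64).to_bytes(8, "big")  # constructed random input
        h = truncated_digest(msg, n_bits)
        queries += 1
        prev = seen.get(h)
        if prev is not None and prev != msg:
            return prev, msg, queries
        seen[h] = msg


def preimage_search(target: int, n_bits: int, seed: int = 1,
                    limit: int = 1 << 22) -> Tuple[Optional[bytes], int]:
    """Generic preimage search for a fixed target n-bit digest.

    Returns (msg, queries), with msg None if `limit` is reached. Expected
    work is 2**n rather than 2**(n/2): the birthday shortcut does not apply
    because the attacker must hit one fixed value, not any repeat.
    """
    rng = random.Random(seed)
    for queries in range(1, limit + 1):
        msg = rng.getrandbits(64).to_bytes(8, "big")
        if truncated_digest(msg, n_bits) == target:
            return msg, queries
    return None, limit


if __name__ == "__main__":
    # Roughly the same budget (~2**16 hashes) breaks 32 bits of collision
    # resistance but only 16 bits of preimage resistance.
    a, b, q = birthday_collision(32)
    print(f"32-bit collision after {q} queries "
          f"(expected ~{expected_birthday_queries(32):.0f}): "
          f"{a.hex()} vs {b.hex()}")
    target = truncated_digest(b"constructed target message", 16)
    m, q = preimage_search(target, 16)
    print(f"16-bit preimage after {q} queries (expected ~{2 ** 16})")
```

Scaling the same arithmetic up is what gives the figures in the comment: a 512-bit output has a birthday bound near 2^256 evaluations, so its collision resistance is 256 bits even though the output is twice that long.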