Skein5 Comments

Bruce Schneier, author of the well-known tome Applied Cryptography, has announced his submission to NIST’s competition to replace the SHA family of hashes.

I haven’t been through the paper yet, but I intend to give it a read sometime soon.

5 Responses to “Skein”

  1. lissie says:
    October 31st, 2008 at 5:05 pm

    question: is SHA-3 still an option if it’s superior to the other five? or will the SHA family definitely be replaced with the competition winner?

    also, though i see it won’t really be for another 4 years, does this affect what you do or is it like using a new program that does the same thing, only better?

  2. Kevin Driver says:
    November 2nd, 2008 at 2:50 pm

    The Wikipedia entry I linked could be read ambiguously, considering NIST has decided to call the replacement “SHA-3.”

    The authors of the Wikipedia entry are referring to the resulting winner of the contest I mentioned above as eventually becoming “SHA-3.” They also claim that SHA-224, SHA-256, SHA-384, and SHA-512 are collectively called “SHA-2.”

    In my experience in industry, typically when people refer to “SHA-3,” they mean the current SHA-384, not what the eventual replacement to the current family will be; however the NIST contest site *does* state that the winner will be called “SHA-3.” In contrast, when the government decided it was time to replace DES, the winning algorithm (Rijndael) became known as the Advanced Encryption Standard (AES) rather than retaining the title of DES. I wouldn’t be surprised if something like this happened here ultimately, rather than calling the winner “SHA-3,” since few of the submissions will likely be based on the current SHA family and since the suggested naming convention lends itself to ambiguity.

  3. Courtney Falk says:
    November 2nd, 2008 at 2:57 pm

    I’ve only skimmed the paper but “hash function” seems a misnomer. It looks like they worked to design a generalized function that satisfies various cryptographic constraints and in turn applied it in an implementation of a hash function. They shot the moon it looks like, assuming the security of the Threefish cipher.

    –posted here from a Facebook comment: ktd

  4. lissie says:
    November 2nd, 2008 at 6:59 pm

    hmmm…interesting. what about the question about your work?

  5. Kevin Driver says:
    November 3rd, 2008 at 10:51 am

    It would affect what I do. Customers would want to see the new standard implemented. Anything that is considered more secure would be desirable from a security point of view.

Leave a Reply


[back to the top]
31 Oct 2008 11:00 am
Cryptography, Security/Privacy