[Botan-devel] Removing FORK-256

Jack Lloyd lloyd at randombit.net
Tue May 25 11:25:05 EDT 2010

I added FORK-256 after it was presented at the first NIST hash
conference; it seemed like a promising new hash. Unfortunately it
seems like this was a case of backing the wrong horse: a number of
weaknesses have been found, including a collision on the full hash
running in 2^109 operations, and a number of fast near-collision and
truncated collision attacks. Fortunately, considering the weaknesses,
it's also rarely used (if ever).

An updated version of FORK-256 was published that claims to prevent
the attacks, but I haven't seen any analysis of this hash and given
this updated version also is not in use in any real application I'm
not seeing any compelling reason to implement it (especially vs
spending the time implementing more SHA-3 candidates).

So, FORK-256 will be removed in the next development release.

