[cryptography] Fwd: NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition

ianG iang at iang.org
Wed Oct 3 19:42:31 EDT 2012

On 3/10/12 14:10 PM, Landon Hurley wrote:
> Hash: SHA512
> Thoughts?

Very welcome - it does set the scene for the next decade for those of us 
who are free to chose the best algorithms for the job.

"We'll just choose KECCAK."  Although, see question at end.

> It wasn't the algorithm I had anticipated,

:)  The nature of the process -- big kudos to NIST for running it as an 
international competition -- ensures the result is likely pretty good. 
There will be a lot of people arguing over the choice but if the AES 
experience is anything to go by, that will dissipate in time.

> but does anyone
> really anticipate this seeing any wide spread adoption without a huge
> delay in between?

In the negative kudos department, NIST panicked over the "imminent" 
failure of older hashes especially SHA1 and, etc, weaker certs, and 
pushed the CAs and other vendors into a tizzy.  Of course, once woken 
up, everyone had to do something, anything.  Doing anything, something 
(dasing?) is always a good idea when the risks aren't understood.

Now, a lot of vendors might be less inclined to blink, as they've rammed 
in some measures already.  Rumour has it that PKIX has closed down? 
SSL's OODA cycle is measured at O(10^8 seconds).  SHA1 still seems to be 
holding it's own...  NIST has shot its bolt, has it another chance?

It's quite possible it doesn't take up.  If that is the case, NIST can 
hopefully remember this time it decides to take up the drums of war, and 
beat more softly and strategically.

One thing I don't understand from a quick reading is the business about 
KECCAK's flexibility.  At a theoretical level, it's all very well saying 
that we can dial in security and performance, but in practical 
cryptoplumbing we need some standard measurands.  How do we do this? 
Are we waiting on NIST to come out with some lengths, or are we really 
requiring our cryptoplumbers to actually understand the innards of 
KECCAK and wind the dials themselves?


> //landon
> - -------- Original Message --------
> Subject: NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition
> Date: Tue, 02 Oct 2012 23:13:01 +0200
> From: Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com>
> To: Gnupg <gnupg-users at gnupg.org>
> Dear all,
> The National Institute of Standards and Technology (NIST) today
> announced the winner of its five-year competition to select a new
> cryptographic hash algorithm, one of the fundamental tools of modern
> information security.
> The winning algorithm, Keccak (pronounced “catch-ack”), was created by
> Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics
> and Michaël Peeters of NXP Semiconductors. The team’s entry beat out 63
> other submissions that NIST received after its open call for candidate
> algorithms in 2007, when it was thought that SHA-2, the standard secure
> hash algorithm, might be threatened. Keccak will now become NIST’s SHA-3
> hash algorithm.
> You can
> http://www.nist.gov/public_affairs/tech-beat/tb20121002.cfm#s
> - --
> Violence is the last refuge of the incompetent.
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> iQIcBAEBCgAGBQJQa7rLAAoJEDeph/0fVJWs5QsP/39z89h8HylUzCVpiP9j6yZh
> BBMZ/pBucE6JRzueZqr8+xn7sAv902KTEk3iMyaVAPMg9fTOX4ppL7oMefONCDuS
> wp9xNaR5lCdYTQa7uCBcmNfNX5A6S8x5W8feFmn+gzsTWytsbOgmy0+aGZ1g9qCp
> bvLpjV2CDFH851N1fw5lR6qn5VURcBFk5JeNRMMxukxmoyem6AxN7SYUZ8WVDQ/o
> N7xuRKMoP6h16Z74LsoACwP50rem6kWfaYHSOsrKzcL4svbLGHzw5pT/DOJr4DqW
> v9MxYjYKZ58OqVF0jgoWlcPHMNxZLgylYC3vGdDgC4KatXw3YhIsnCrE2MPxh77Q
> +dqiEEPc48Zy6JmS1nOsbpJcvUh1Gpq+gjPQPBRrSHGJ0v3RbPjQ4YTHO/tVTgQ7
> P44h6hf8kb3XxhO/HAlBwMwjWKtqyw915bJKrKwetxgbGgL4POMfgFMjkmOergC8
> FZP4o/XelUsT5HMSjojRnN5gB5vwNIxRwKtXervroprKs0DZECa1YasY+YC9RVrv
> MkjEZAJ04QPtwCY8j/ciqYqToniIRBnf0MxlmNbfxRSOavslFuKkOEtmuLPvEmie
> nlPcn58F7U7eHvE+On7sL5CbpVLAqG3bmjgB1Sb/ywND2a5JZaxOoaGp1JyF3DPC
> M4TmaUJHvSP80fL24br2
> =/OU3
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cryptography mailing list