[cryptography] Fwd: NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition
Patrick Mylund Nielsen
cryptography at patrickmylund.com
Wed Oct 3 19:54:02 EDT 2012
I had assumed NIST would publish a revised specification with a fixed
set of lengths, a la Rijndael. Is this stated somewhere, or is my
On Wed, Oct 3, 2012 at 6:42 PM, ianG <iang at iang.org> wrote:
> On 3/10/12 14:10 PM, Landon Hurley wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
> Very welcome - it does set the scene for the next decade for those of us who
> are free to chose the best algorithms for the job.
> "We'll just choose KECCAK." Although, see question at end.
>> It wasn't the algorithm I had anticipated,
> :) The nature of the process -- big kudos to NIST for running it as an
> international competition -- ensures the result is likely pretty good. There
> will be a lot of people arguing over the choice but if the AES experience is
> anything to go by, that will dissipate in time.
>> but does anyone
>> really anticipate this seeing any wide spread adoption without a huge
>> delay in between?
> In the negative kudos department, NIST panicked over the "imminent" failure
> of older hashes especially SHA1 and, etc, weaker certs, and pushed the CAs
> and other vendors into a tizzy. Of course, once woken up, everyone had to
> do something, anything. Doing anything, something (dasing?) is always a
> good idea when the risks aren't understood.
> Now, a lot of vendors might be less inclined to blink, as they've rammed in
> some measures already. Rumour has it that PKIX has closed down? SSL's OODA
> cycle is measured at O(10^8 seconds). SHA1 still seems to be holding it's
> own... NIST has shot its bolt, has it another chance?
> It's quite possible it doesn't take up. If that is the case, NIST can
> hopefully remember this time it decides to take up the drums of war, and
> beat more softly and strategically.
> One thing I don't understand from a quick reading is the business about
> KECCAK's flexibility. At a theoretical level, it's all very well saying
> that we can dial in security and performance, but in practical
> cryptoplumbing we need some standard measurands. How do we do this? Are we
> waiting on NIST to come out with some lengths, or are we really requiring
> our cryptoplumbers to actually understand the innards of KECCAK and wind the
> dials themselves?
>> - -------- Original Message --------
>> Subject: NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition
>> Date: Tue, 02 Oct 2012 23:13:01 +0200
>> From: Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com>
>> To: Gnupg <gnupg-users at gnupg.org>
>> Dear all,
>> The National Institute of Standards and Technology (NIST) today
>> announced the winner of its five-year competition to select a new
>> cryptographic hash algorithm, one of the fundamental tools of modern
>> information security.
>> The winning algorithm, Keccak (pronounced “catch-ack”), was created by
>> Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics
>> and Michaël Peeters of NXP Semiconductors. The team’s entry beat out 63
>> other submissions that NIST received after its open call for candidate
>> algorithms in 2007, when it was thought that SHA-2, the standard secure
>> hash algorithm, might be threatened. Keccak will now become NIST’s SHA-3
>> hash algorithm.
>> You can read more at
>> - --
>> Violence is the last refuge of the incompetent.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.11 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>> -----END PGP SIGNATURE-----
>> cryptography mailing list
>> cryptography at randombit.net
> cryptography mailing list
> cryptography at randombit.net
More information about the cryptography