
Schneier On the US Crypto Competition

Posted by kdawson
from the ante-up dept.
Bruce Schneier has a commentary in Wired titled An American Idol for Crypto Geeks on the US government's competition for a new cryptographic hash function to become the national standard, covered here recently. He talks about how much the competition, slated to wrap up by 2011, will advance the cryptographic state of the art. And how much fun he expects to have.
  • by MrShaggy (683273) <chris.anderson@C ... minus herbivore> on Monday February 12, 2007 @09:10AM (#17981562) Journal
    But I thought that it was only terrorists that use encryption??
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Don't worry son. I'm sure they'll get to him anytime now.
    • Re: (Score:1, Informative)

      by darkhitman (939662)
      Encryption is not the same as hashing.

      Damn terrorists!
    • by skintigh2 (456496)
      Back in my day, it was only pedophiles and drug runners that used encryption. Oh, how times and emotionally manipulative FUD have changed.
  • After submitting some of his more cryptic speeches.
    • After submitting some of his more cryptic speeches.
      Well, SHA's not a cipher... but considering the hash [reference.com] (see def #7) Rumsfeld & co made in Iraq....
  • tasty (Score:2, Funny)

    by qwertphobia (825473)
    mmm.... hash browns
  • by CerebusUS (21051) on Monday February 12, 2007 @09:28AM (#17981730)
    Please, oh please oh please don't let there be a William Hung [williamhung.net] to spring from this.
    • C'mon, you know you wanna hear someone do "She !'s, She !'s"
    • Re: (Score:3, Funny)

      by forkazoo (138186)

      Please, oh please oh please don't let there be a William Hung to spring from this.


      Maybe this guy should submit his work. He'd be right about on William Hung's level of competitiveness....
      http://xkcd.com/c153.html [xkcd.com]
      • by CerebusUS (21051)
        Ha! I love that guy.
      • by h4rm0ny (722443)

        Wow! Thank you. I'd never seen that series before. I love it! It's mathematical and yet so sweet!
      • by strider44 (650833)
        Alright, I love XKCD but I've got to ask someone for an explanation for that specific comic - I've never listened to Missy Elliot.
        • by CerebusUS (21051)
          Missy Elliot's Work It lyrics:

          This is a Missy Elliott one-time exclusive (Come on)

          Is it worth it, let me work it
          I put my thang down, flip it and reverse it
          I put my thang down, flip it and reverse it


          I'm not a huge rap fan, but I generally dig her stuff.
  • Fun ??? (Score:3, Funny)

    by jfbus (584847) on Monday February 12, 2007 @09:30AM (#17981746) Homepage

    And how much fun he expects to have.
    Sometimes, I wonder whether we live in the same world...
  • SHA-256? (Score:3, Interesting)

    by Bromskloss (750445) <auxiliary.addres ... NosPAm.gmail.com> on Monday February 12, 2007 @09:33AM (#17981768)
    What about SHA-512?
    • Re:SHA-256? (Score:4, Interesting)

      by Phleg (523632) <stephen@touset. o r g> on Monday February 12, 2007 @09:40AM (#17981820)
      It uses a word size of 64 bits, so is not as fast on 32-bit computers. Also, I believe it's received less scrutiny than SHA-256. IANAC.
      • Re: (Score:3, Insightful)

        by kestasjk (933987) *
        Also it's still based on the SHA-1 algorithm that was "broken".
        For practical purposes even SHA-1 is still reasonably safe, but it'd be best to learn from the cryptanalysis and research of almost two decades if we're going to make everyone change their hashing algorithm anyway.
        • For practical purposes even SHA-1 is still reasonably safe.

          That's a very dangerous statement. It can be much easier to extend theoretical attacks into practical attacks than you might think. Cryptographic algorithms only provide any security at all because they are supposed to have specific mathematical properties. SHA-1 doesn't have the ones it's supposed to.

    • Re:SHA-256? (Score:5, Insightful)

      by archen (447353) on Monday February 12, 2007 @10:14AM (#17982152)
      If your algorithm is showing weaknesses, then throwing more bits at the problem is best reserved as a temporary solution. At the worst this competition will just give us an alternative hash algorithm, and that is probably reason enough to have it.
      • Off topic(ish) but...

        So what option should I be using in TrueCrypt for my partition that I've got encrypted?
        I'm using the default out-of-the-box encryption - can't remember what off the top of my head, I'm at work.

        I'm not bothered about the government breaking it - it contains banking information and other stuff they could get at anyway. Just yer average cr/hacker.

        My PC is a dual-core Athlon64 with 2 gig of RAM if that makes a difference.
        • by draziw (7737)
          Select Tools->Benchmark, and run with one that is fastest on your system. :) - For protection from citizens, any of them will do fine for many years.
      • by DarthTaco (687646)
        "If your algorithm is showing weaknesses, then throwing more bits at the problem is best reserved as a temporary solution."

        All cryptographic solutions are temporary.
        • All cryptographic solutions are temporary.

          I'm not sure where this idea comes from, but it's largely false.

          You hear a lot about cryptographic breaks because they make good news on Slashdot, but the fact of the matter is that if you encrypted something in 1978 using 3-DES it'd still be 100% secure today. If you encrypt something today using a secure 256-bit symmetric key encryption algorithm it will remain secure forever unless something really unexpected happens in computing (and no, quantum computers aren

    • NIST is either looking for an entirely revolutionary function to the SHA series, considering the emphasis that SHA-1 has been around since 1995, or seeking a function that supplies words greater than 64bits and also but albeit distantly 256bit and higher to counter higher chunk rate processors. If they're looking for something different than SHA, here are factors they are considering: the fact that all the SHA hashes after SHA-1 use part, maybe all, of SHA-1's 4 functions and vary only by the function's ou
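The SHA-256 vs SHA-512 exchange above (Phleg's point that SHA-512 works on 64-bit words, and kestasjk's point that both are built on the same structure as SHA-1) is easier to see in code than in prose. The following is an added example, not code from the thread, from Schneier's column or from NIST: one parametrised SHA-2 core that produces both SHA-256 and SHA-512, so the only things that change between the two are word size, round count, rotation amounts and the constants. Parameters follow FIPS 180-4; the constants are derived from the fractional parts of the square and cube roots of the first primes exactly as the standard defines them, rather than typed in, and the result is cross-checked against Python's hashlib. Function names (sha2, sha2_hex, matches_hashlib, icbrt, first_primes) are this example's own.

```python
"""Added example: one parametrised SHA-2 core for SHA-256 and SHA-512.
Not code from the Slashdot thread, from Schneier or from NIST.
"""
import hashlib
import math

# Per-variant parameters from FIPS 180-4.
# S0/S1 are the three ROTR amounts of the big-Sigma functions; s0/s1 are
# the two ROTR amounts and one SHR amount of the small-sigma functions.
PARAMS = {
    256: dict(w=32, rounds=64, block=64, lenbytes=8,
              S0=(2, 13, 22), S1=(6, 11, 25), s0=(7, 18, 3), s1=(17, 19, 10)),
    512: dict(w=64, rounds=80, block=128, lenbytes=16,
              S0=(28, 34, 39), S1=(14, 18, 41), s0=(1, 8, 7), s1=(19, 61, 6)),
}


def first_primes(n):
    """First n primes by trial division (n <= 80 here, so speed is irrelevant)."""
    primes = []
    c = 2
    while len(primes) < n:
        if all(c % p for p in primes):
            primes.append(c)
        c += 1
    return primes


def icbrt(n):
    """floor(cbrt(n)) for a non-negative int: integer Newton iteration from above."""
    x = 1 << ((n.bit_length() + 2) // 3)   # guaranteed >= cbrt(n)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


def sha2(data, bits):
    """Return the SHA-256 (bits=256) or SHA-512 (bits=512) digest of data as bytes."""
    p = PARAMS[bits]
    w = p["w"]
    mask = (1 << w) - 1
    wb = w // 8

    # Round constants: first w bits of frac(cbrt(prime_i)) for the first
    # `rounds` primes; initial hash: first w bits of frac(sqrt(prime_i)).
    primes = first_primes(p["rounds"])
    K = [icbrt(q << (3 * w)) & mask for q in primes]
    H = [math.isqrt(q << (2 * w)) & mask for q in primes[:8]]

    def rotr(x, n):
        return ((x >> n) | (x << (w - n))) & mask

    def Sig(x, r):  # big-Sigma: XOR of three rotations
        return rotr(x, r[0]) ^ rotr(x, r[1]) ^ rotr(x, r[2])

    def sig(x, r):  # small-sigma: two rotations and a right shift
        return rotr(x, r[0]) ^ rotr(x, r[1]) ^ (x >> r[2])

    # Merkle-Damgard padding: 0x80, zeros, then the bit length big-endian
    # in 8 (SHA-256) or 16 (SHA-512) bytes, filling the last block exactly.
    msg = data + b"\x80"
    msg += b"\x00" * ((-len(msg) - p["lenbytes"]) % p["block"])
    msg += (len(data) * 8).to_bytes(p["lenbytes"], "big")

    for off in range(0, len(msg), p["block"]):
        blk = msg[off:off + p["block"]]
        # Message schedule: 16 words from the block, the rest expanded.
        W = [int.from_bytes(blk[i * wb:(i + 1) * wb], "big") for i in range(16)]
        for t in range(16, p["rounds"]):
            W.append((sig(W[t - 2], p["s1"]) + W[t - 7]
                      + sig(W[t - 15], p["s0"]) + W[t - 16]) & mask)
        # Compression: the same eight-register round for both variants.
        a, b, c, d, e, f, g, h = H
        for t in range(p["rounds"]):
            ch = (e & f) ^ (~e & g)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t1 = (h + Sig(e, p["S1"]) + ch + K[t] + W[t]) & mask
            t2 = (Sig(a, p["S0"]) + maj) & mask
            h, g, f, e, d, c, b, a = g, f, e, (d + t1) & mask, c, b, a, (t1 + t2) & mask
        H = [(x + y) & mask for x, y in zip(H, (a, b, c, d, e, f, g, h))]

    return b"".join(x.to_bytes(wb, "big") for x in H)


def sha2_hex(data, bits):
    return sha2(data, bits).hex()


def matches_hashlib(data):
    """Cross-check both variants against the platform's hashlib implementation."""
    return (sha2(data, 256) == hashlib.sha256(data).digest()
            and sha2(data, 512) == hashlib.sha512(data).digest())


if __name__ == "__main__":
    # Constructed sample inputs, chosen to cover empty, one-block and multi-block messages.
    for m in (b"", b"abc", b"x" * 200):
        print(len(m), sha2_hex(m, 256)[:16], sha2_hex(m, 512)[:16], matches_hashlib(m))
```

The 64-bit variant does the same number of operations per round on twice as much data, which is why it is the faster of the two on 64-bit hardware and the slower one where a 64-bit add or rotate has to be emulated with 32-bit instructions. Note also that nothing in the compression loop is specific to either variant: that shared structure is what the thread means when it says the SHA-2 family is built on the same design as SHA-1, and it is why NIST's competition asked for something new rather than more bits of the same.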
  • Whirlpool

    by hawkinspeter (831501) on Monday February 12, 2007 @09:42AM (#17981844)
    But I guess that's out since it's patent free.
    • Re:Whirlpool (Score:4, Informative)

      by MostAwesomeDude (980382) on Monday February 12, 2007 @10:20AM (#17982224) Homepage
      The patents (or lack thereof) have not had effects on cryptography endorsements before. One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions. One common use is for LUKS or Truecrypt hard drive encryption, and another is in BSD password hashes (the idea being that it takes the cipher about two seconds to reset itself internally each time a password is guessed, and so even with the ciphertext, the password takes a longer time to crack.)
      • Re: (Score:3, Informative)

        by Ckwop (707653) *

        The patents (or lack thereof) have not had effects on cryptography endorsements before.

        Yes they have. In particular the AES competition required that submitters adhere to certain restrictions [aes.org] regarding patents.

        One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions.

        Blowfish was never an AES candidate [quadibloc.com]

        .. Blowfish, which has a public domain specification and is very useful in s

    • by iabervon (1971)
      IIRC, the algorithm the same group chose for AES was patent-free. This was despite some people wanting them to choose a patented algorithm because the contest requirements included that the winner would have to license any necessary patents to everyone for free. So choosing a patented algorithm would have meant that you and I could use one more AES-finalist-quality algorithm.
  • I Win! (Score:3, Funny)

    by lottameez (816335) on Monday February 12, 2007 @10:25AM (#17982264)
    73 32 76 105 110 33
    • by LordP (96602)
      Nooo... 4 8 15 16 23 42
    • by gkhan1 (886823)
      447564652C207468617420776F756C642068617665206265656E207761792066756E6E69657220696620796F75206861646E2774206D65737365642075702074686520617363696900
  • [ASCII text in Binary string] + 1

    It's so simple that it might just work!
  • by mutterc (828335) on Monday February 12, 2007 @01:24PM (#17984640)

    ... insulting the inferior entries.

    (Search his site for "The Doghouse" for some smackdowns of snake-oil crypto products.)

  • I heard the NSA is entering a new hash algorithm, named AYBABTU, into the competition. Interestingly, reverse engineering of the algorithm has shown it to be very similar to an algorithm, tentatively named Eksore, that was submitted to the contest by a local Junior High cryptography team.
  • cpx up pvs fodszqujpo pwfsmpstet!
