NIST Opens Competition for a New Hash Algorithm
Invisible Pink Unicorn writes "The National Institute of Standards and Technology has opened a public competition for the development of a new cryptographic hash algorithm, which will be called Secure Hash Algorithm-3 (SHA-3), and will augment the current algorithms specified in the Federal Information Processing Standard (FIPS) 180-2. This is in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design. Submissions are being accepted through October 2008, and the competition timeline indicates that a winner will be announced in 2012."
hash algorithm hash recipe (Score:4, Funny)
Encryption == Something to Hide (Score:4, Funny)
Encryption != Hashing (Score:4, Informative)
* - Rainbow tables
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:3, Informative)
Or imagine this: you have a simple hash function that takes all the letters in a message, turns them into numbers based on their place in the alphabet, and adds them
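A worked illustration of the letter-sum scheme described in the comment above, added here as an example and not code from the thread. The names letter_sum_hash, forge_preimage and find_collisions are this example's own, and the word list is constructed for the demonstration. It shows the two failures a real hash must not have: anagrams collide because addition ignores order, and a second preimage for any target value can be written down directly. SHA-256 on the same words is shown for contrast.

```python
import hashlib

def letter_sum_hash(message: str) -> int:
    """The toy hash from the comment: a=1 ... z=26, summed over the letters.
    Addition ignores order, so every anagram of a message collides with it."""
    return sum(ord(c) - ord("a") + 1 for c in message.lower() if "a" <= c <= "z")

def forge_preimage(target: int) -> str:
    """Second preimage for the toy hash: build any string whose letters sum to target.
    Use as many 'z' (26) as fit, then one letter for the remainder."""
    if target < 0:
        raise ValueError("target must be non-negative")
    quotient, remainder = divmod(target, 26)
    forged = "z" * quotient
    if remainder:
        forged += chr(ord("a") + remainder - 1)
    return forged

def find_collisions(words):
    """Group words by toy-hash value; any bucket holding more than one word is a collision."""
    buckets = {}
    for w in words:
        buckets.setdefault(letter_sum_hash(w), []).append(w)
    return {h: ws for h, ws in buckets.items() if len(ws) > 1}

def sha256_hex(message: str) -> str:
    """Real hash for comparison: reordering letters changes every output bit."""
    return hashlib.sha256(message.encode()).hexdigest()

# Constructed sample input for the demonstration (not from the original page).
SAMPLE_WORDS = ["listen", "silent", "enlist", "attack", "defend", "z", "a" * 26]

if __name__ == "__main__":
    for h, ws in sorted(find_collisions(SAMPLE_WORDS).items()):
        print(f"toy hash {h}: {ws} collide; SHA-256 prefixes differ: "
              f"{[sha256_hex(w)[:8] for w in ws]}")
    target = letter_sum_hash("attack at dawn")
    forged = forge_preimage(target)
    print(f"forged {forged!r} also hashes to {target} under the toy hash")
```

Running it shows listen/silent/enlist sharing one toy-hash value, a single "z" colliding with twenty-six "a"s, and "zzzzo" as a forged second preimage for "attack at dawn"; the SHA-256 digests of the same words have nothing in common.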
Re: (Score:2)
Nitpick: they can't be reversed in any amount of time, because for any given hash, there are probably an infinite number of strings which hash to that hash.
Re: (Score:2)
Re: (Score:2)
Re:No, you're right. (Score:4, Informative)
Re: (Score:2)
One very simple attack was changing the grades in a school system. The school encrypted the grades, so they thought they were safe from change. The failed students hacked into the system, and just c
Re: (Score:3, Informative)
What was the school using, ROT13? It sounds like they were using a substitution cipher
Re: (Score:2)
Re: (Score:2)
Yes, I will grant you that figuring it out given weak edge conditions or due to a poor implementation is possible, but it's still not as simple as just opening a file and changing a couple of characters.
Re: (Score:2)
And in what case would I want the content to be unknown to third parties but not care if third parties tampered with it?
Re: (Score:2)
I don't get it (Score:2)
Where is the link in the story to this part? Anyone?
Re:I don't get it (Score:5, Funny)
Re:I don't get it (Score:5, Funny)
Re:I don't get it (Score:5, Insightful)
Re: (Score:3, Funny)
The cake is a lie
I have it! (Score:2)
Re: (Score:2)
Re: (Score:2)
Oblig. xkcd link (Score:5, Funny)
Argh. (Score:2)
Re: (Score:2)
That's some quick indexing.
Note to Google. When I put in "nist SP800-56" I want you to take me to the NIST spec.
Re: (Score:2)
800-56 was around at the time. It was not so much withdrawn, as snuck away, destroyed and the remains buried in a shallow grave somewhere in Maryland. NIST won't admit to its existence these days.
Re: (Score:2)
I'm still hunting for the document saying it's deprecated for hashing but it's fine as a PRNG. It's in there somewhere.
Re: (Score:2)
Just use Identity... (Score:2)
With hash values getting longer and longer, wouldn't it be more economic to just use Identity as the hashing function?
Here's your grain of salt...
Re: (Score:2, Insightful)
Re: (Score:2)
The attacks against SHA-1 have reduced the
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's moot in certs. It's going to be padded out to 2048 bits anyway.
Re: (Score:2)
AES has this property in the key length. Its parent spec Reignwatchamacallit has it in block size also.
Someone with a lowly ARM should design their chip so the crypto can run at the needed rate. If RTL is needed, go design the RTL. It's not hard.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If you have a weak hash, and all of the input bits don't participate in forming each output bit, of course you should first hash that output with a real hash algorithm before discarding bits.
Re: (Score:2)
From cost/performance perspecive, it might be nice to have a 128-bit hash standard as well as a 256-bit hash standard, but from a "how safe is my hash" perspective a 256-bit algorithm is fine if you only need a 128-bit
Re: (Score:2)
With just 128 bits of input data I guess the 256-bit hash would have more collisions, though it should still be a statistically tiny amount.
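The replies above discuss taking a 256-bit hash and keeping only 128 bits of it. The following is an added example in Python, not code from the thread or from NIST, showing what truncation buys and costs. The truncated_hash helper and its optional domain-separation label are this example's own construction; only the underlying SHA-256 is standard. The generic birthday search is run against a 20-bit truncation so it finishes in well under a second; the same loop against the full 256 bits would need on the order of 2^128 trials, which is the whole argument for output length.

```python
import hashlib
import math

def truncated_hash(data: bytes, out_bits: int, label: bytes = b"") -> int:
    """Hash with SHA-256, then keep the leading out_bits bits of the digest.
    An optional label is prepended for domain separation so that two uses of
    the same truncated hash are not interchangeable. The truncation is this
    example's own; only the full 256-bit SHA-256 is standard."""
    if not 0 < out_bits <= 256:
        raise ValueError("out_bits must be in 1..256")
    digest = hashlib.sha256(label + data).digest()
    return int.from_bytes(digest, "big") >> (256 - out_bits)

def birthday_trials(out_bits: int) -> float:
    """Expected number of random inputs before the first collision on an
    out_bits-wide output: sqrt(pi/2 * 2^out_bits)."""
    return math.sqrt(math.pi / 2 * 2 ** out_bits)

def find_birthday_collision(out_bits: int, max_trials: int):
    """Feed distinct counter-valued messages (constructed here) through the
    truncated hash until two share an output. Returns (trials, msg_a, msg_b),
    or None if the budget runs out. This is the generic attack whose cost
    truncation lowers: nothing about the design of SHA-256 is exploited."""
    seen = {}
    for i in range(max_trials):
        msg = i.to_bytes(8, "big")
        h = truncated_hash(msg, out_bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
    return None

if __name__ == "__main__":
    bits = 20
    print(f"expected ~{birthday_trials(bits):.0f} trials for a {bits}-bit output")
    result = find_birthday_collision(bits, max_trials=200_000)
    if result:
        trials, a, b = result
        print(f"collision after {trials} trials: {a.hex()} and {b.hex()} "
              f"-> {truncated_hash(a, bits):#x}")
    print(f"the full 256 bits would need ~{birthday_trials(256):.3e} trials (about 2^128)")
```

The collision found is between two perfectly ordinary inputs; truncating to n bits leaves roughly 2^(n/2) work for a collision and 2^n for a preimage, regardless of how strong the full-width function is, which is why a 128-bit output is adequate only when 2^64 collision work is acceptable for the application.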
Re: (Score:2)
No doubt (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Top Secret is defined as information that would seriously damage the US if released. They would not trust encrypting such secrets in it if, at the time they made that decision, they had discovered a weakness that would allow them to break it. Thus, the only way this would happen if they are behaving rationally is if they were lying. For them to do that successfully it would require having something classified at a level no higher than Con
A working solution today: whirlpool (Score:2)
Specs! (Score:2)
So, what requirements should a submission fulfill? I can't find them!
I'll I got to say is... (Score:2)
SHA right!
SHA3 = SHA1(data) + SHA2(data) (Score:2)
Re: (Score:2)
My patent trumps your patent!
Re: (Score:2)
BOINC Project to Find SHA-1 Collision(s) (Score:2)
The problem is implementing them. (Score:2)
The Shakespeare hash (Score:2)
NIST code quality (Score:2)
Recently I was asked to provide some info about the quality of a PRNG generator used in one of our programs.
One of the questions was how well it does on the NIST Statistical Test Suite [nist.gov].
So, I head over to the NIST site and download [nist.gov] the latest version for Windows, dated March 22, 2005.
First thing that I notice is that it does not compile under Visual Studio 2005.
OK, I understand, they only had about two and a half years to fix this which is obviously not enough for an organization
Re: (Score:1, Insightful)
Re:I know I'm paranoid, but... (Score:5, Insightful)
Not to mention that I sincerely doubt that anyone is currently using some super-secret ultra-elite hashing algorithm that no one else knows about. This field of mathematics and security is quite mature and very much open to scrutiny currently. The current solutions are fully documented. I think the point here is that further progress isn't going to be made by lone researchers hiding their results: the only way forward is via more open collaboration.
Sorry, but I think your paranoia is unfounded in this case!
(Disclosure: I work with NIST, but have nothing to do with this project. Note that my opinions are my own and should not be construed as official statements from NIST.)
Very similar to the AES competition (Score:5, Insightful)
So that leaves you with two possible situations:
1) That the NSA is so amazingly far ahead of everyone else in crypto that they were able to find something in AES that no one else has in over a decade. Also they are so confident in their knowledge that they believe nobody else will find it since if they did the results would be a big problem (AES is approved for classified data, and is used by US financial institutions).
or
2) AES is really secure, and the NSA is telling the truth.
Now which is more likely? Also, supposing you believe option #1 then why trust any crypto? If the NSA really is so good that they can outdo the entire rest of the crypto community, well then they can probably break pretty much any of the cryptosystems out there. You can't trust any of them since the only people who would really know if they were insecure won't say.
Seems extremely unlikely.
Well, same deal with this hash competition. If you believe that the government will be able to pick one that is in fact something they can break, but that nobody else in the world will know about this then it doesn't matter, because their understanding is so far advanced that all hashes would have to be suspect.
Given the extremely public, international, nature of things like this there really isn't any room for mistrust. I again point to the results of the AES competition. You want to talk about a cypher that has stood up to some extreme scrutiny, there you go.
Re:Very similar to the AES competition (Score:5, Informative)
The NSA has an actual track record here, and their motives have proven good so far. However, they claim that (due to lack of funding and too much competition from financial firms for math PhDs) they aren't so far ahead any more.
Re: (Score:2, Redundant)
Re:Very similar to the AES competition (Score:4, Insightful)
You've got it wrong. They were decades ahead because nobody outside of the NSA was doing cryptography AT ALL. There was no real effort at all from the private sector.
DES was really the ONE cryptographic algorithm that existed, anywhere, and even that could only be found internal to IBM, which was by far the biggest digital equipment company anywhere at the time.
It isn't "too much competition" now, it's simply that, for the first time, they've got any competition at all.
Re:Very similar to the AES competition (Score:4, Informative)
Now, it is possible that such statements are just for show, but it takes a belief that they are playing an incredulously deep game that they would make those statements as a denial and deception practice.
Re:Very similar to the AES competition (Score:5, Informative)
Oh no doubt (Score:3, Informative)
However being a bit ahead in terms of creating a system is really different from being far enough ahead to break systems. To mistrust the NSA on AES means you figure that they know enough to know how to break it, and that they figure the knowledge is so far advanced that no one else will figure it out. One of the NS
Re: (Score:2)
It's actually IMPORTANT to open the algorithm. An open algorithm is open to analysis for how well it performs its job, and for any bugs or short-circuits, any methods of recovering the input data from the hash. It's provably secure or insecure. You can analyze an open hash algorithm mathematically to determine how likely it is that two given input data items will evaluate to the same hash.
With a closed algorithm, you can't perform this analysis. In the related discipline of encryption
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Admitting you have a problem is the first step ...
Seriously, though, while your suspicion of their motives is not entirely unfounded, this probably won't help them crack anything. The best thing about a good encryption algorithm is that just knowing the algorithm isn't enough to allow you to crack it.
Re: (Score:2)
Maybe you didn't mean fragment, but I don't know what a phragment is...
Re: (Score:2)
If you're going to be a grammar Nazi, at least spell-check your post
Re: (Score:2)
Ha! More anti-establishment mathematician music on Slashdot!
Weird parallel structure (Score:2)
in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1
and
because SHA-1 and the SHA-2 family share a similar design.
You won't catch me defending this abomination of a sentence, but that's how I'd parse such a thing.
Re:What would happen if... (Score:5, Insightful)
Yes, and you'd spend most of your time trying to prove those algorithms are any good. That's the hard part anyhow, coming up with new algorithms isn't.
Re: (Score:2)
Yep (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
This brings up a few interesting facts. The vast majority of random functions (restricting to ones with the right input and output sizes) would make 100% perfect hash functions. In fact this is true virtually by definition. So in a way, finding a new hash function is easy - just pick one at random. (The same is true for encryption functions.)
However, there are two small problems. First, the vast majority of random functions take more roo
Re: (Score:2)
1. Declare war on Social Ill Y with a bogus slogan "_______ Crisis"
2. Announce increase in taxes and/or entitlement spending
3. Repeat 2 as often as necessary for the domestic brain dead.
4. Use to increase political power locally and abroad by showing how "enlightened" you are.
5. Profit!
6. We all lose.
Cheers,
Hillary Roddam C. [hillaryclinton.com]
Re:New Hash Algorithm Submission #1 (Score:4, Insightful)
1. Declare war on Big Government with bogus slogan "Let the free market fix __________"
2. Announce plans to decrease funding to social programs
3. Figure out that you have no one in any elected office in any country anywhere who can carry out 2.
4. Announce that someone who has never professed to be a libertarian but holds a few libertarian ideals, is in fact a libertarian. Do the same for historical figures, especially anarchists.
5. Make up bogus arguments about the magical free market that will never be put to any sort of test, due to 3., above.
6. Parrot back tired arguments that were disproved hundreds of years ago, back in the days of laissez-faire. Conveniently forget about child labor, horrid working conditions, rampant pollution, institutionalized racism, debt slavery, and any other facts that show unregulated free market capitalism destroys lives.
7. Cherry pick examples of deregulation and privatization, ignoring any cases that prove libertarian methods wrong.
8. Try to convince other libertarians to all move to the same state so you can remedy point 2.
9. Realize that convincing self-centered libertarians to do anything is like trying to herd cats.
10. The rest of us grow bored with your childish, self involved, "Nyah nyah, you're not the boss of me!" political stance and ignore you, as libertarians have never managed to do anything more than talk.
Wait, that's not funny, it's just sad.
Re: (Score:3, Interesting)
1) Never been tried.
2) What's wrong with this?
3) Sad, isn't it?
4) Huh?
5) Again haven't been tried in a while
6) I actually believe GVMT role in some of these things
7) No Cherry Picking here
8) Whatever
9) Whatever
10) Too many people being (D) or (R) because of Fear and Fear.
Lets just deal with #1
Free Markets are easy to control. Corporate Charters are given by the GVMT, why aren't they revoked more often? Why aren't assets seized? Why aren't boards of directors a
Are you a Unicorn? (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
That would be for signatures, not hashes.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Any rot13 joke is pointless. We all know rot13 is reversible. What hashing is all about is non-reversibility. That is, given some large string of content, produce a smaller string that cannot re-create the original content. So why not combine things: md5 -> triple-rot13
Re: (Score:2)
This would consume considerable finite time. Yes, considerable but finite.
Re: (Score:2)
Ok, assume you have a 4KB XML document ... and you get an MD5. Even knowing those two pieces of information (valid XML and roughly 4K) do you think you could reverse that given "considerable" but finite time? (hint: you have to prove that there is only one possible input that doesn't fail those limiters ... and I don't think you can).
Re: (Score:2)
Based upon the md5 routine in a software package, I can get the initial set of random sequences and stepping for the first so many characters - that will allow me a much higher chance of calculating the rest of the random sequencing / stepping that is occ
Re: (Score:2)
Two things: Kerckhoffs's principle states that the security of a routine must come from only the secrecy of the key, not the secrecy of the algorithm and certainly not the secrecy of the original document. "Known plaintext" and "chosen plaintext" attac
Re: (Score:2)
Re: (Score:2)
They never were formatted with two spaces, or at least never should have been. Most browsers automatically reduce two spaces to one in any case.
With a proportional-width font, you are supposed to use one space after a period (sometimes auto-kerned to 1.5 spaces in higher-end software). With a mono-spaced font, you use two spaces. I used to run the IT shop at a newspaper, and I was quickly elnigh