NIST Opens Competition for a New Hash Algorithm

Invisible Pink Unicorn writes "The National Institute of Standards and Technology has opened a public competition for the development of a new cryptographic hash algorithm, which will be called Secure Hash Algorithm-3 (SHA-3), and will augment the current algorithms specified in the Federal Information Processing Standard (FIPS) 180-2. This is in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design. Submissions are being accepted through October 2008, and the competition timeline indicates that a winner will be announced in 2012."

hash algorithm hash recipe

[Briden]

i prefer the bubble bag method for making hash

Encryption == Something to Hide

[explosivejared]

Why does the government promote creating new encryption methods when encrypting data so clearly means you have something to hide and are therefore guilty? I mean COME ON!

Encryption != Hashing

[rock217]

Encryption implies that you can reconstruct the original string from the encoded. Methods like md5, sha1, etc are one way algorithms that cannot be reversed* in a realistic amount of time.



* - Rainbow tables

Re:

[TechyImmigrant]

When hashing a data set larger than the resulting digest, it cannot be reversed at all. However you can find collisions which is handy if you want to subvert the PKI hierarchy that protects web transactions.

Re:

[Kjella]

It can only be reversed for the wierd case where you're trying to make a few bits (30-40 bits of a password) into many (160/256/384/512 bits), which is of course impossible and the quality of the hash method doesn't matter. The only thing rainbow tables do is try to make a universal lookup table, and the only thing that helps is (cryptographic) salt. Most of the time hashes are used to make checksums of e.g. your linux distro, which obviously can't be reversed.

Re:

[Comatose51]

Rainbow tables won't help you get the old message back since pretty much by definition or pigeonhole theorem there is more than one plaintext that can generate the same hash. Breaking a hash algorithm usually involves finding a plaintext that generates the specific hash, thus fooling the victim into thinking that plaintext was the original one.

Or imagine this: you have a simple hash function that takes all the letters in a message, turns them into number based on their place in the alphabet, and adds them

Re:

[ultranova]

Methods like md5, sha1, etc are one way algorithms that cannot be reversed* in a realistic amount of time.

Nitpick: they can't be reversed in any amount of time, because for any given hash, there are propably an infinite amount of strings which hash to that hash.

Re:

[mattpalmer1086]

I think you're mixing up the definition of cryptography with that of encryption. Cryptography encompasses encryption, hashing, key exchange, zero-knowledge proofs and other stranger things. A hash algorithm is a one-way function by definition - you can't reverse it even with knowledge of what was done. En-cryption is a two-way function - it always implies the possibility of de-cryption.

Re:

[masterzora]

While the term encryption usually implies a decryption method, it's not necessarily so. In fact, the etymology shows that "encrypt" basically means "to cause something to be hidden", which a hash function definitely succeeds at.

Re:No, you're right.

[smallfries]

Maybe you should chase the etymology one level deeper. If the original data cannot be recovered then it is not "hidden" but "destroyed". You may not believe that the term encryption means a two-way process with an available decryption function - but that is the definition that the crypto community uses, and so it's good enough for me.

Re:

[mattpalmer1086]

It seems like splitting hairs, but actually it matters. People used to think that if you encrypted something, it was safe from modification, but that's just not true. They thought that if it was encrypted, it would be impossible for an attacker to create useful changes in it, but it turns out that isn't true.

One very simple attack was changing the grades in a school system. The school encrypted the grades, so they thought they were safe from change. The failed students hacked into the system, and just c

Re:

[flosofl]

One very simple attack was changing the grades in a school system. The school encrypted the grades, so they thought they were safe from change. The failed students hacked into the system, and just changed their data to the same data held against students they knew had done well. Anyway, that's just one way that encryption doesn't protect you against malicious modification. It gets a lot sneakier the more you look into it.

What was the school using, ROT13? It sounds like they were using a substitution cipher

Re:

[mattpalmer1086]

In this case, each student's grades were encrypted independently of each other. The hackers just literally copied the encrypted grade for a good student over their own. The school assumed that because the grades were encrypted they were "secure", when in fact you can attack without having to decrypt or alter existing encryption at all. I did say it was a simple example, but it illustrates how "security" is hard for people who are untrained. There are more complex attacks on encryption itself that can p

Re:

[flosofl]

The attack described is perfectly feasible using a modern block cipher used in an unsuitable mode such as ECB, or CBC with a static or inappropriately reused IV.

Yes, I will grant you that figuring it out given weak edge conditions or due to a poor implementation is possible, but it's still not as simple as just opening a file and changing a couple of characters.

No! A MAC is not encryption (though it may be implemented using a block cipher) -- you cannot decrypt a MAC tag and produce the original message!

Re:

[DarkOx]

Why would anyone encrypt something unless they wanted it to remain untampered with?

Because they want the content to be unknown to third parties.

And in what case would I want the content to be unknow to third parties but not care if third parties tampered with it?

Re:

[SnowZero]

Clearly you are a hat-wearing [google.com] terrorist.

I don't get it

[eclectro]

Once I develope the winning uber hash function, what do I get? I can't find in the timeline where it mentions a large cash prize with strippers jumping out of cake. Some balloons too.

Where is the link in the story to this part? Anyone?

Re:I don't get it

[bmac83]

Pay attention. You will be given a short string of characters that describes how to get from the prize to where you currently are, but from the directions it will be impossible to find your way back to the prize.

Re:I don't get it

[ajlitt]

If you cannot comprehend the string, assume the party escort submission position. A party representative will arrive shortly to escort you to your prize and a party celebrating your reception of said prize. There will be cake.

Re:I don't get it

[Lord Ender]

If you can claim to be the author of the US government standard cryptographic hash, you get to charge pretty much whatever you want in consulting fees.

Re:

[click2005]

The cake is a lie
The cake is a lie
The cake is a lie
The cake is a lie

I have it!

[0100010001010011]

Jung qb V jva?

Re:

[treeves]

You win nothing.

Re:

[sconeu]

Lbh snvy vg!

Oblig. xkcd link

[hellergood]

http://xkcd.com/257/ [xkcd.com]

Argh.

[TechyImmigrant]

I put a SHA-1 based KDF in 802.16 because NIST SP800-56 told me to.

Argh.

Re:

[TechyImmigrant]

I decided to go back and look at the spec so I could respond with the specific requirement. Rather than dig in my files I went to google to find the document. I put in "nist SP800-56" and up pops the message I posted two steps earlier in this thread.

That's some quick indexing.

Note to Google. When I put in "nist SP800-56" I want you to take me to the NIST spec.

Re:

[TechyImmigrant]

You're reading 800-56A. Not 800-56.

800-56 was around at the time. It was not so much withdrawn, as snuck away, destoyed and the remains buried in a shallow grave somewhere in Maryland. NIST won't admit to its existence these days.

Re:

[TechyImmigrant]

Not *exactly* the same..

I'm still hunting for the document saying it's deprecated for hashing but it's fine as a PRNG. It's in there somewhere.

Re:

[TechyImmigrant]

That's what I told the person from NIST.

Just use Identity...

[GeekDork]

With hash values getting longer and longer, wouldn't it be more economic to just use Identity as the hashing function?

Here's your grain of salt...

Re:

[marcello_dl]

No.

Re:

[secPM_MS]

Hashes are used directly in essentially all forms of signatures and integrity verifications, as you hash the data being represented and then sign or protect the hash value. HMAC's are (or should be) used with strong keys for protecting the integrity of communications. As such, hashes should be fast and resistant to capable assault with massive computational resources. Given the birthday effect, collisions will occur with a when a message pool is ~ sqrt(hash size).

The attacks against SHA-1 have reduced the

Re:

[Surt]

A 1024 byte hash is not large compared to the gigabyte file it signs.

Re:

[TechyImmigrant]

I was thinking of the 1600 byte cert it forms the digest in.

Re:

[TechyImmigrant]

>Personally I think anything over 256 is overkill. But that's just me...

It's moot in certs. It's going to be padded out to 2048 bits anyway.

Re:

[TechyImmigrant]

I'm not disagreeing. A hash algorithm can cover a sensible range of widths would be useful for situations not needing bigger hashes.

AES has this property in the key length. Its parent spec Reignwatchamacallit has it in block size also.

Someone with a lowly ARM should design their chip so the crypto can run at the needed rate. If RTL is needed, go design the RTL. It's not hard.

Re:

[TechyImmigrant]

Are you going to be in Atlanta next week?

Re:

[TechyImmigrant]

I was more thinking of getting a beer than discussing crypto

Re:

[TechyImmigrant]

I figured dot1 would be enjoying your presence.

Re:

[lgw]

Take the first half of the 256-bit hash and you have a stronger 128-bit hash than a 128-bit hash using the same algorithm. The only point of a true 128-bit hash would be performance, but if you really care about crypto performance you do everything in hardware, and you might as well buy the 256-bit chip these days.

Re:

[Cairnarvon]

Take the first half of the 256-bit hash and you have a stronger 128-bit hash than a 128-bit hash using the same algorithm.

I hope you don't actually believe that.

Re:

[lgw]

If you disagree, you might explain why. In a good hash, each bit of the output equally "represents" all bits of the input. Taking the result of a large hash mod a smaller value, or just taking some of the bits, does not make a strong hash weaker.

If you have a weak hash, and all of the input bits don't participate in forming each output bit, of course you should first hash that output with a real hash algorithm before discarding bits.

Re:

[lgw]

That's not what I'm saying at all. I'm saying that, for the difficulty of reversing a hash, you don't lose any strength by using a larger-blocksize hash and just taking the bits you want from the result. You may get a few more collisions, but that's been stated as unimportant in this thread.

From cost/performance perspecive, it might be nice to have a 128-bit hash standard as well as a 256-bit hash standard, but from a "how safe is my hash" perspective a 256-bit algorithm is fine if you only need a 128-bit

Re:

[lgw]

A truncated 256-bit hash would IMO be at least as strong as a 128-bit hash assuming they're both equally secure algorithms, and at least 256-bits of input data was used (the situation concerning the OP of the thread).

With just 128 bits of input data I guess the 256-bit hash would have more collisions, thought it should still be a statistically tiny amount.

Re:

[lgw]

A 256-bit chip you can by off-the-shelf is better than the 128-bit chip you can't, but then I guess that's why you want to see a 128-bit standard. But using a 256-bit chip and only taking half the bits would be just as strong.

No doubt

[JustNiz]

part of the reason for the long delay is to allow the CIA and NSA to evaluate all contenders for suitability of being crackable/backdoorable by them.

Re:

[Llywelyn]

The NSA has approved AES for encrypting secret data (128+ bits) and top secret data (192+ bits). Unless they are playing a very deep denial and deception game, it stands to reason that they can't find a way through it either.

Re:

[JustNiz]

Of course the NSA are going to claim they can't crack any encryption they've already cracked. It means something new won't come along and blow away all their hard work. Also, they're hoping such statements will cause criminals to choose an encryption that the NSA has cracked.

Re:

[Llywelyn]

That would require an unbelievable degree of denial and deception.

Top Secret is defined as information that would seriously damage the US if released. They would not trust encrypting such secrets in it if, at the time they made that decision, they had discovered a weakness that would allow them to break it. Thus, the only way this would happen if they are behaving rationally is if they were lying. For them to do that successfully it would require having something classified at a level no higher than Con

A working solution today: whirlpool

[wherrera]

See http://en.wikipedia.org/wiki/WHIRLPOOL [wikipedia.org]

Specs!

[Bromskloss]

So, what requirements should a submission fulfill? I can't find them!

I'll I got to say is...

[ShakaUVM]

I'll I got to say is...

SHA right!

SHA3 = SHA1(data) + SHA2(data)

[cpeterso]

I have a patent.

Re:

[Unnngh!]

SHA3 = SHA1(data) xor SHA2(data)

My patent trumps your patent!

Re:

[owlstead]

You must be trying to be funny, because that would be significantly weaker than SHA-2. First of all, I hope you are trying to do adding, because concatenation is directly publishing the weaker hash. If you are adding, I would do so modulus the larger hash, because otherwise you might get 257 bits of SHA-2. But mainly if you look at crypto-analysis techniques, adding another algorithm normally weakens the original algorithm. It is much better to just add more calculations or more rounds. Even then I would ra

BOINC Project to Find SHA-1 Collision(s)

[MrKevvy]

The linked NIST report mentions only the work of Prof. Yang with which no one has yet found a collision, but a team from Graz University of Technology (Austria) has proposed a significantly faster algorithm for producing SHA-1 collisions and is running a BOINC project to find one [tugraz.at].

The problem is implementing them.

[bcrowell]

There are already good hash functions out there that don't share the basic design of SHA. I've been using whirlpool for applications where security is important. (Good old md5 is fine for applications that don't involve security.) The problem is getting these newer hash functions widely implemented. For instance, here [launchpad.net] is my request to get the perl Digest::Whirlpool module packaged for debian/ubuntu. Until better hashes are conveniently packaged, authors of applications actually have a disincentive to move t

The Shakespeare hash

[Nazlfrag]

Just get 1000 monkeys and 1000 numeric keypads. Where's my prize?

NIST code quality

[alexo]

I have an anecdote to share.

Recently I was asked to provide some info about the quality of a PRNG generator used in one of our programs.
One of the questions was how well it does on the NIST Statistical Test Suite [nist.gov].

So, I head over to the NIST site and download [nist.gov] the latest version for Windows, dated March 22, 2005.

First thing that I notice is that it does not compile under Visual Studio 2005.
OK, I understand, they only had about two and a half years to fix this which is obviously not enough for an organization

Re:

[Anonymous Coward]

Or even worse build a standard based on their work where there are very specific weaknesses built in- you know to fight ""terrorism""

Re:I know I'm paranoid, but...

[kebes]

I know I'm being paranoid, but did anybody else think that this is a way for the gummint to get a look at the various methods people are using to secure their data?

I think you are being a bit paranoid! NIST is proposing an open competition to develop a new open standard for hashing. Anyone who wants to participate can do so. Anyone who wants to retain their "secret hashing method" can continue to keep it secret. It's not like the government is demanding anything. This is just a research agency promoting open research.

Not to mention that I sincerely doubt that anyone is currently using some super-secret ultra-elite hashing algorithm that no one else knows about. This field of mathematics and security is quite mature and very much open to scrutiny currently. The current solutions are fully documented. I think the point here is that further progress isn't going to be made by lone researchers hiding their results: the only way forward is via more open collaboration.

What better way to get the methods than to have a 'competition', something that will stroke the egos of crackers?

If a cracker wants to sell his secrets at the cost of an ego-stroke, that's his choice. Nothing nefarious here. Again, NIST is not going to take these results and use them for evil ends (or even for commercial gain): they are hoping to create an open, public standard that everyone will benefit from (and which international experts in mathematics, cryptography, and computer security will analyze in detail). That's what NIST does.

Sorry, but I think your paranoia is unfounded in this case!

(Disclosure: I work with NIST, but have nothing to do with this project. Note that my opinions are my own and should not be construed as official statements from NIST.)

Very similar to the AES competition

[Sycraft-fu]

Also done by NIST. I suppose you could be all paranoid and claim that AES was chosen so the that US government could snoop on you since, after all, the NSA signed off on it as being secure and they'd never tell the truth, right? Well, except for the fact that it was designed by a couple of Belgians and has also been signed off on by essentially every other respected crypto expert and organization there is.

So that leaves you with two possible situations:

1) That the NSA is so amazingly far ahead of everyone else in crypto that they were able to find something in AES that no one else has in over a decade. Also they are so confident in their knowledge that they believe nobody else will find it since if they did the results would be a big problem (AES is approved for classified data, and is used by US financial institutions).

or

2) AES is really secure, and the NSA is telling the truth.

Now which is more likely? Also, supposing you believe option #1 then why trust any crypto? If the NSA really is so good that they can outdo the entire rest of the crypto community, well then they can probably break pretty much any of the cryptosystems out there. You can't trust any of them since the only people who would really know if they were insecure won't say.

Seems extremely unlikely.

Well, same deal with this hash competition. If you believe that the government will be able to pick one that is in fact something they can break, but that nobody else in the world will know about this then it doesn't matter, because their understanding is so far advanced that all hashes would have to be suspect.

Given the extremely public, international, nature of things like this there really isn't any room for mistrust. I again point to the results of the AES competition. You want to talk about a cypher that has stood up to some extreme scrutiny, there you go.

Re:Very similar to the AES competition

[lgw]

1) That the NSA is so amazingly far ahead of everyone else in crypto that they were able to find something in AES that no one else has in over a decade.

When the DES standard was created, the NSA was so amazing far ahead of everyone else that they were able to find somehting in DES that no one else found for over a decade. The NSA provided very specific technical advice (without explanation) that was followed in the creation of DES. Many years later, the rest of the world caught up and discovered that the NSA had corrected a very subtle weakness in DES.

The NSA has an actual track record here, and their motives have proven good so far. However, they claim that (due to lack of funding and too much competition from financial firms for math PhDs) they aren't so far ahead any more.

Re:

[ceswiedler]

I'm too lazy to find the quote, but Bruce Schneier said that the NSA's comments on DES effectively started the field of modern academic cryptography, and that many researchers 'made their bones' analyzing why the changes to DES were important. Thus at the time, the NSA was over a decade ahead, but it's very unlikely they're that far ahead now.

Re:Very similar to the AES competition

[evilviper]

However, they claim that (due to lack of funding and too much competition from financial firms for math PhDs) they aren't so far ahead any more.

You've got it wrong. They were decades ahead because nobody outside of the NSA was doing cryptography AT ALL. There was no real effort at all from the private sector.

DES was really the ONE cryptographic algorithm that existed, anywhere, and even that could only be found internal to IBM, which was by far the biggest digital equipment company anywhere at the time.

It isn't "too much competition" now, it's simply that, for the first time, they've got any competition at all.

Re:Very similar to the AES competition

[Llywelyn]

It is worth emphasizing that the NSA has said that AES 128/192/256 can be used to protect information up to the secret level, and that top secret information can be secured with AES 192 or 256. That's a pretty strong statement coming from the NSA, which if acting rationally they would not want to leave weaknesses in something that is used to secure information that would be, by definition, "very damaging to the US and its interests if released."

Now, it is possible that such statements are just for show, but it takes a belief that they are playing an incredulously deep game that they would make those statements as a denial and deception practice.

Re:Very similar to the AES competition

[James Youngman]

If the NSA really is so good that they can outdo the entire rest of the crypto community, well then they can probably break pretty much any of the cryptosystems out there.

Actually I think you're right, but to play Devil's Advocate for a moment, I will note that the UK government agency GCHQ [gchq.gov.uk] developed a public-key cryptosystem between 1969 and 1973 [uni-klu.ac.at], significantly before Diffie and Hellman's (apparently) ground-breaking paper. So, government agencies are quite capable of beating the public state of the art and not telling anyone about it.

Oh no doubt

[Sycraft-fu]

And there's evidence that the NSA understood quite a bit more about cryptography back in the DES days based on a change they made ot it that hardened it against an as of yet unknown kind of attack.

However being a bit ahead in terms of creating a system is real different form being far enough ahead to break systems. To mistrust the NSA on AES means you figure that they know enough to know how to break it, and that they figure the knowledge is so far advanced that no one else will figure it out. One of the NS

Re:

[jddj]

You are being paranoid.

It's actually IMPORTANT to open the algorithm. An open algorithm is open to analysis for how well it performs its job, and for any bugs or short-circuits, any methods of recovering the input data from the hash. It's provably secure or insecure. You can analyze an open hash algorithm mathematically to determine how likely it is that two given input data items will evaluate to the same hash.

With a closed algorithm, you can't perform this analysis. In the related discipline of encryption

Re:

[UID30]

Not to mention that I sincerely doubt that anyone is currently using some super-secret ultra-elite hashing algorithm that no one else knows about.

You have obviously never heard of my ROT-13.5 algorithm. They never figure out that extra .5

Re:

[Cairnarvon]

Even if that were plausible, it'd definitely be a risk worth taking. Cryptographic methods that are kept secret are never as secure as methods that are scrutinised by thousands of cryptanalysts around the world, as even the NSA itself has experienced on more than one occasion. Cryptographers, more than anyone else, are very much aware of the fact that security through obscurity just doesn't work.

Re:

[Bob-taro]

I know I'm being paranoid, but

Admitting you have a problem is the first step ...

Seriously, though, while your suspicion of their motives is not entirely unfounded, this probably won't help them crack anything. The best thing about a good encryption algorithm is that just knowing the algorithm isn't enough to allow you to crack it.

Re:

[ByOhTek]

what fragment of that sentance? There's a subject, main verb, helper verbs and objects!

Maybe you didn't mean fragment, but I don't know what a phragment is...

Re:

[cliveholloway]

And I don't know what a sentance is either.

If you're going to be a grammar Nazi, at least spell-check your post :)

Re:

[fuzzix]

Call him a Nazi, he won't even frown,
"Ha, Nazi, Schmazi," says Wernher von Braun.

Ha! More anti-establishment mathematician music on Slashdot! :)

Weird parallel structure

[timster]

This is
    in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1
and
    because SHA-1 and the SHA-2 family share a similar design.

You won't catch me defending this abomination of a sentence, but that's how I'd parse such a thing.

Re:What would happen if...

[SigILL]

What would happen if you wrote a program to randomly create algorithms? Most of them would be rubbish, but occasionally you'd hit gold.

Yes, and you'd spend most of your time trying to prove those algorithms are any good. That's the hard part anyhow, coming up with new algorithms isn't.

Re:

[hey]

Automate the testing (of the algorithms).

Yep

[Sycraft-fu]

That's why you'll see even the authors of cryptosystems that lost to AES recommending AES. In some cases, the losers are theoretically more secure. However what they are not is more tested. AES is probably the most tested cryptosystem next to DES. As such, people are pretty sure there aren't any lurking holes.

Re:

[zippthorne]

Yeah but the problem is that the monkeys tend to pick the same three keys most of the time.

Re:

[springbox]

That's the idea behind genetic algorithms [wikipedia.org]. Although the approach is a bit "smarter." Actually, I had the idea of making a hashing algorithm using a GA for the (second) time yesterday.

Re:

[TheRaven64]

Genetic algorithms only work in cases where you have a clear criteria for 'better.' I suppose such a for hashing algorithms would be fewer collisions on random data but then you would be more likely to find flaws in your random number generator than get a good hashing algorithm.

Re:

[SiliconEntity]

What would happen if you wrote a program to randomly create algorithms?

This brings up a few interesting facts. The vast majority of random functions (restricting to ones with the right input and output sizes) would make 100% perfect hash functions. In fact this is true virtually by definition. So in a way, finding a new hash function is easy - just pick one at random. (The same is true for encryption functions.)

However, there are two small problems. First, the vast majority of random functions take more roo

Re:

[Archangel Michael]

Democratic version: Note, I'm l[L]ibertarian, and find the humor in parent post.

1. Declare war on Social Ill Y with a bogus slogan "_______ Crisis"
2. Announce increase in taxes and/or entitlement spending
3. Repeat 2 as often as necessary for the domestic brain dead.
4. Use to increase political power locally and abroad by showing how "enlightened" you are.
5. Profit!
6. We all lose.

Cheers,
Hillary Roddam C. [hillaryclinton.com]

Re:New Hash Algorithm Submission #1

[spun]

As you've admitted to being a libertarian, I suppose I should make one for you, too:

1. Declare war on Big Government with bogus slogan "Let the free market fix __________"
2. Announce plans to decrease funding to social programs
3. Figure out that you have no one in any elected office in any country anywhere who can carry out 2.
4. Announce that someone who has never professed to be a libertarian but holds a few libertarian ideals, is in fact a libertarian. Do the same for historical figures, especially anarchists.
5. Make up bogus arguments about the magical free market that will never be put to any sort of test, due to 3., above.
6. Parrot back tired arguments that were disproved hundreds of years ago, back in the days of lassez-faire. Conveniently forget about child labor, horrid working conditions, rampant pollution, institutionalized racism, debt slavery, and any other facts that show unregulated free market capitalism destroys lives.
7. Cherry pick examples of deregulation and privatization, ignoring any cases that prove libertarian methods wrong.
8. Try to convince other libertarians to all move to the same state so you can remedy point 2.
9. Realize that convincing self-centered libertarians to do anything is like trying to herd cats.
10. The rest of us grow bored with your childish, self involved, "Nyah nyah, you're not the boss of me!" political stance and ignore you, as libertarians have never managed to do anything more than talk.

Wait, that's not funny, it's just sad.

Re:

[Archangel Michael]

First off, Touche. I love a good ribbing ... :-D

1) Never been tried.
2) What's wrong with this?
3) Sad, isn't it?
4) Huh?
5) Again haven't been tried in a while
6) I actually believe GVMT Roll in some of these things
7) No Cherry Picking here
8) Whatever
9) Whatever
10) Too many people being (D) or (R) because of Fear and Fear.

Lets just deal with #1

Free Markets are easy to control. Corporate Charters are given by the GVMT, why aren't they revoked more often? Why aren't assets seized? Why aren't boards of directors a

Are you a Unicorn?

[spun]

Oh, I see. You're a smart libertarian who can take a joke. Even rarer than a Unicorn. ;-)

Re:

[Bloke down the pub]

I actually believe GVMT Roll

Never heard of him, what did he say?

Re:

[InvisiBill]

I know SHA0 and SHA1 are broken but SHA2? I thought they're still secure to use, especially the SHA2-512. What I am missing?

From TFS:

because SHA-1 and the SHA-2 family share a similar design

Re:

[TechyImmigrant]

> It should probably be based on http://en.wikipedia.org/wiki/Elliptic_curve_cryptography [wikipedia.org] . Unless they want something that only they can break. :O

That would be for signatures, not hashes.

Re:

[Abcd1234]

It would also be heavily patent encumbered.

Re:

[SnowZero]

Quick, someone invent hyperbolic encryption! I think I've already seen that used here on slashdot to encode comments. Oh no wait, that's hyperbole...

Re:

[Skapare]

Any rot13 joke is pointless. We all know rot13 is reversable. What hashing is all about is non-reversability. That is, given some large string of content, produce a smaller string that cannot re-create the original content. So why not combine things: md5 -> triple-rot13

Re:

[cdrguru]

MD5 is reversable. All you have to do is randomly generate every bit combination up to some maximum length until you have a matching MD5. There will be a number of collsions but these will not pass other tests on the content. It is therefor possible to reverse an MD5 hash value into the original data.

This would consume considerable finite time. Yes, considerable but finite.

Re:

[Nevyn]

Ok, assume you have a 4KB XML document ... and you get an MD5. Even knowing those two pieces of information (valid XML and roughly 4K) do you think you could reverse that given "considerable" but finite time? (hint: you have to prove that there is only one possible input that doesn't fail those limiters ... and I don't think you can).

Re:

[CTalkobt]

Anytime that you know the format, or partial content of the original document (such as knowing it's XML and hence will have the same opening and closing tags, and presumably a DTD declaration) you make life much much easier for those attempting to crack it.

Based upon the md5 routine in a software package, I can get the initial set of random sequences and stepping for the first so many characters - that will allow me a much higher chance of calculating the rest of the random sequencing / stepping that is occ

Re:

[plover]

Anytime that you know the format, or partial content of the original document (such as knowing it's XML and hence will have the same opening and closing tags, and presumably a DTD declaration) you make life much much easier for those attempting to crack it.

Two things: Kerckhoff's principle states that the security of a routine must come from only the secrecy of the key, not the secrecy of the algorithm and certainly not the secrecy of the original document. "Known plaintext" and "chosen plaintext" attac

Re:

[grumbel]

The only way you can revert MD5 or for that matter any hash is by constructing a huge database of all known files, hash them all then just find the one that has the same hash as the one that is given. Of course that won't be all that useful, you might find a Linux source tarball that way, because its publicly available, but thats it. Unless you already know the file you don't have any chance of ever reversing a hash. Its just a matter of information loss, if you have 128bit of 'storage', you can't store a 1

Re:

[Thundersnatch]

Who the f*** decided that sentences on the Internet shall no longer be formatted with two spaces after a period?!

They never were formatted with two spaces, or at least never should have been. Most browsers automatically reduce two spaces to one in any case.

With a proportinal-width font, you are supposed to use one space after a period (sometimes auto-kerned to 1.5 spaces in higher-end software). With a mono-spaced font, you use two spaces. I used to run the IT shop at a newspaper, and I was quickly elnigh