NIST Opens Competition for a New Hash Algorithm 187
Invisible Pink Unicorn writes "The National Institute of Standards and Technology has opened a public competition for the development of a new cryptographic hash algorithm, which will be called Secure Hash Algorithm-3 (SHA-3), and will augment the current algorithms specified in the Federal Information Processing Standard (FIPS) 180-2. This is in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design. Submissions are being accepted through October 2008, and the competition timeline indicates that a winner will be announced in 2012."
Re:I know I'm paranoid, but... (Score:1, Insightful)
Re:What would happen if... (Score:5, Insightful)
Yes, and you'd spend most of your time trying to prove those algorithms are any good. That's the hard part anyhow, coming up with new algorithms isn't.
Re:I know I'm paranoid, but... (Score:5, Insightful)
Not to mention that I sincerely doubt that anyone is currently using some super-secret ultra-elite hashing algorithm that no one else knows about. This field of mathematics and security is quite mature and very much open to scrutiny currently. The current solutions are fully documented. I think the point here is that further progress isn't going to be made by lone researchers hiding their results: the only way forward is via more open collaboration.
Sorry, but I think your paranoia is unfounded in this case!
(Disclosure: I work with NIST, but have nothing to do with this project. Note that my opinions are my own and should not be construed as official statements from NIST.)
rot13 (Score:1, Insightful)
Re:I don't get it (Score:5, Insightful)
Re:New Hash Algorithm Submission #1 (Score:4, Insightful)
1. Declare war on Big Government with bogus slogan "Let the free market fix __________"
2. Announce plans to decrease funding to social programs
3. Figure out that you have no one in any elected office in any country anywhere who can carry out 2.
4. Announce that someone who has never professed to be a libertarian but holds a few libertarian ideals, is in fact a libertarian. Do the same for historical figures, especially anarchists.
5. Make up bogus arguments about the magical free market that will never be put to any sort of test, due to 3., above.
6. Parrot back tired arguments that were disproved hundreds of years ago, back in the days of lassez-faire. Conveniently forget about child labor, horrid working conditions, rampant pollution, institutionalized racism, debt slavery, and any other facts that show unregulated free market capitalism destroys lives.
7. Cherry pick examples of deregulation and privatization, ignoring any cases that prove libertarian methods wrong.
8. Try to convince other libertarians to all move to the same state so you can remedy point 2.
9. Realize that convincing self-centered libertarians to do anything is like trying to herd cats.
10. The rest of us grow bored with your childish, self involved, "Nyah nyah, you're not the boss of me!" political stance and ignore you, as libertarians have never managed to do anything more than talk.
Wait, that's not funny, it's just sad.
Re:Just use Identity... (Score:2, Insightful)
Very similar to the AES competition (Score:5, Insightful)
So that leaves you with two possible situations:
1) That the NSA is so amazingly far ahead of everyone else in crypto that they were able to find something in AES that no one else has in over a decade. Also they are so confident in their knowledge that they believe nobody else will find it since if they did the results would be a big problem (AES is approved for classified data, and is used by US financial institutions).
or
2) AES is really secure, and the NSA is telling the truth.
Now which is more likely? Also, supposing you believe option #1 then why trust any crypto? If the NSA really is so good that they can outdo the entire rest of the crypto community, well then they can probably break pretty much any of the cryptosystems out there. You can't trust any of them since the only people who would really know if they were insecure won't say.
Seems extremely unlikely.
Well, same deal with this hash competition. If you believe that the government will be able to pick one that is in fact something they can break, but that nobody else in the world will know about this then it doesn't matter, because their understanding is so far advanced that all hashes would have to be suspect.
Given the extremely public, international, nature of things like this there really isn't any room for mistrust. I again point to the results of the AES competition. You want to talk about a cypher that has stood up to some extreme scrutiny, there you go.
Re:Very similar to the AES competition (Score:4, Insightful)
You've got it wrong. They were decades ahead because nobody outside of the NSA was doing cryptography AT ALL. There was no real effort at all from the private sector.
DES was really the ONE cryptographic algorithm that existed, anywhere, and even that could only be found internal to IBM, which was by far the biggest digital equipment company anywhere at the time.
It isn't "too much competition" now, it's simply that, for the first time, they've got any competition at all.