# SHA-3 hash finalist Schneier calls for halt in crypto contest

A US government agency will soon announce which of five remaining candidate algorithms will become SHA-3, the new hash function to replace SHA-1 and SHA-2. The latter is a key component in various security technologies, from SSL and SSH to PGP and IPsec, and must be used by law in certain US government applications. The US …

#### Clarification

"A cryptographic hash algorithm converts data into a shortened "message digest" from which it is, ideally, impossible to recover the original information."

Any decent cryptographic function can be described by the last part of this sentence, whereas cryptographic hash algorithms are a special class of these. Can I suggest

"A cryptographic hash algorithm converts data into a shortened "message digest" such that it is not only extremely unlikely that different data will have identical digests, but that it would be computationally infeasible to create data that would yield some given digest."

#### Bad clarification!

Firstly, it is not "extremely unlikely that different data will have identical digests"; it is a certainty that different data will have identical digests, seeing as the set of data values is infinite and the set of digest values is finite.

Secondly, a secure hash needs to have the property that it is very difficult to create two different data values that give the same hash value, which is a significantly stronger condition than what you wrote. For example, MD5 is broken according to one criterion, but not yet according to the other (at least not publicly).

#### Re: Not Cool

His choice of words is both perfectly valid and in my opinion superior to your suggestion.

If you're going to pick fault with a construction that you do not recognise, you could save yourself face by actually checking you're correct first.

I mean, if only you were sitting in front of a general-purpose computing device with connectivity to a world-wide and information-rich network accessible at a few keystrokes...

#### Re: Not Cool

You didn't?

So you made the effort to write a comment, *instructing* the OP to change his wording, using the grammar Nazi icon, and expressing surprise and confusion with a "WTF?!?" and even employing excessive punctuation - for what purpose exactly?

I think most people would determine based on the evidence that you were in fact insinuating that it was incorrect, and that this was the sole reason for your post. It certainly has no other use or relevance.

#### Re: Any decent cryptographic function can be described by the last part

So encrypting information in such a way that it cannot be decrypted is useful how, exactly?

#### Re: Any decent cryptographic function can be described by the last part

> So encrypting information in such a way that it cannot be decrypted is useful how, exactly?

Digital Signatures ...

#### Re: Any decent cryptographic function can be described by the last part

"Digital signatures" - that's rather specific, and more than a little obvious considering the content of the article. I was asking more generally, because he wrote "any" decent cryptographic function, not "some".

#### Re: Any decent cryptographic function can be described by the last part

Hashes can be used to compare files, so are useful in de-duplication, for example. Hashes can also be used as representations of user passwords, so a system that requires authentication doesn't need to store passwords.
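The two uses named in this comment rely on different hash properties, which the following added example (not code from the article or from any commenter) makes explicit: de-duplication needs only that distinct content practically never shares a full digest, while password storage additionally needs a per-user random salt and a deliberately slow derivation, so that a stolen table of digests reveals neither which users share a password nor anything a precomputed digest table could match. The function names, the PBKDF2 iteration count and the sample blobs are constructed for this example.

```python
import hashlib
import hmac
import os

# Example parameter, not from the page: PBKDF2 work factor. Raise it until one
# verification costs roughly 100 ms on the hardware that actually checks logins.
PBKDF2_ITERATIONS = 100_000


def dedupe_blobs(blobs):
    """Group byte strings by their full SHA-256 digest.

    Returns {hex_digest: [indices of blobs with that digest]}. The full 256-bit
    digest is used, never a truncated prefix, so an accidental collision is far
    below any practical concern; a byte-for-byte comparison before deleting a
    copy is still cheap insurance.
    """
    groups = {}
    for index, blob in enumerate(blobs):
        groups.setdefault(hashlib.sha256(blob).hexdigest(), []).append(index)
    return groups


def make_password_record(password: str) -> dict:
    """Derive a storable verifier: fresh random salt plus slow PBKDF2-HMAC-SHA256.

    Two users with the same password get different records because their salts
    differ, so a leaked table exposes neither shared passwords nor anything a
    precomputed table of plain digests could be matched against.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "digest": digest}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


def demo():
    # Constructed sample content: the first and third blobs are byte-identical.
    blobs = [
        b"quarterly-report.pdf contents",
        b"holiday.jpg contents",
        b"quarterly-report.pdf contents",
    ]
    duplicates = {d: idx for d, idx in dedupe_blobs(blobs).items() if len(idx) > 1}
    print("duplicate groups:", duplicates)

    alice = make_password_record("correct horse battery staple")
    bob = make_password_record("correct horse battery staple")
    print("same password, same stored digest?", alice["digest"] == bob["digest"])
    print(
        "verify right / wrong guess:",
        verify_password(alice, "correct horse battery staple"),
        verify_password(alice, "Tr0ub4dor&3"),
    )
    return duplicates


if __name__ == "__main__":
    demo()
```

Run it directly to see one duplicate group reported, two records for the same password that share no bytes, and a verifier that accepts only the original password. The constant-time comparison matters because a byte-by-byte early exit would leak how much of the stored digest a guess matched.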

#### Re: Any decent cryptographic function can be described by the last part

You really need to familiarise yourself with some fairly staple concepts in this field, my friend.

Such as asymmetric cryptography, or public-key cryptography: https://en.wikipedia.org/wiki/Public-key_cryptography

Pretty important part of the function of the modern Internet. In fact, take a close look at the link above and you will see that the technique would be in fact employed in the delivery of the referenced content to your browser.

#### Re: Any decent cryptographic function can be described by the last part

*You really need to familiarise yourself with some fairly staple concepts in this field, my friend.*

*Such as asymmetric cryptography, or public-key cryptography*

You really need to learn how to read. This is non-responsive. The OP asked why "encrypting information in such a way that it cannot be decrypted" describes "[a]ny decent cryptographic function" (as the original thread had it). That phrase most certainly does **not** describe asymmetric cryptography.

The phrasing in the article ("a shortened 'message digest' from which it is, ideally, impossible to recover the original information") was certainly incorrect - as others have pointed out, there's nothing "ideal" about this; by the pigeonhole principle it must be true in the general case. And it's not a useful description of a cryptographic hash anyway, as it omits critical aspects like image-collision resistance. But for some reason many of the people in the threads critiquing the article are having nearly as much trouble writing something accurate in response.
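The distinction drawn in the "Bad clarification!" post above (collision resistance is a stronger requirement than second-preimage resistance) and the pigeonhole argument in this reply can be made concrete by shrinking a real digest until the searches become cheap. The following is an added example, not code from the article or from any commenter; `trunc_hash`, `find_preimage` and `find_collision` are names chosen here, and the bit widths are arbitrary demonstration parameters. It shows that collisions are a certainty for any finite digest, and that a 32-bit digest falls to a birthday search in about as many trials as a brute-force preimage search against a 16-bit one, which is why collision resistance is the property that fails first.

```python
import hashlib

DIGEST_BITS = 256  # SHA-256 output width


def trunc_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(data), as an integer.

    Truncation is only a teaching device: it shrinks the digest space so the
    searches below finish in seconds. By the pigeonhole principle a digest of
    `bits` bits can distinguish at most 2**bits inputs, so among the 2**64
    eight-byte messages used here collisions are guaranteed, not merely likely.
    """
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (DIGEST_BITS - bits)


def find_preimage(target: int, bits: int, limit: int = 1 << 22):
    """Preimage search: find any message whose truncated digest equals `target`.

    Returns (message, trials), or (None, limit) if the budget runs out.
    Each trial succeeds with probability 2**-bits, so the expected cost is
    about 2**bits trials.
    """
    for i in range(limit):
        m = i.to_bytes(8, "big")
        if trunc_hash(m, bits) == target:
            return m, i + 1
    return None, limit


def find_collision(bits: int, limit: int = 1 << 22):
    """Birthday search: hash distinct messages until two share a truncated digest.

    Returns (m1, m2, trials). The expected cost is about 2**(bits / 2) trials,
    the square root of the preimage cost, because every new digest is compared
    against all earlier ones at once via the dictionary.
    """
    seen = {}
    for i in range(limit):
        m = i.to_bytes(8, "big")
        h = trunc_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None, None, limit


def demo():
    # Constructed target: a digest we did not choose the input for.
    target = trunc_hash(b"constructed target message", 16)
    m, trials = find_preimage(target, 16)
    print(f"16-bit preimage found after {trials} trials: {m.hex()}")
    m1, m2, trials = find_collision(32)
    print(f"32-bit collision found after {trials} trials: {m1.hex()} {m2.hex()}")
    return trials


if __name__ == "__main__":
    demo()
```

Both trial counts land in the tens of thousands even though the second digest is twice as wide; against the full 256-bit output neither search is feasible, and the only reason this runs at all is the truncation. That is the practical caveat for anyone tempted to store a shortened digest: a prefix of n bits offers roughly n/2 bits of collision resistance, not n.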

#### Spelling

I stumbled on that one as well.

That's fairly tame compared to the usual standard of John Leyden's output.

#### DES

Has anyone actually demonstrated 3DES to be broken yet? ISTR 56-bit DES is only considered insecure because of the key length, not because anyone found anything fundamentally wrong with it? A hardware implementation of 3DES is smaller than Rijndael with an equivalent key size. Rijndael only has an advantage when done in software with no parallel processing.

#### Re: DES

3DES is not really broken, but: due to known attack methods, the 168 bit key version (triple DES keying option 1) has an effective difficulty of only 112 bits, and according to NIST the 112 bit key version (triple DES keying option 2) has an effective difficulty of only 80 bits. NIST has stated that 3DES is unsuitable for anything that needs to remain secure beyond the year 2030.

Rijndael is even less broken: the 128 bit key version has an effective difficulty of 126.1 bits, which is vastly better than 3DES with keying option 2 (the 3DES version with nearest key length) and noticeably better than 3DES with option 1 which has a much longer key. The 192 bit version (the key length nearest to 3DES with option 1, which is the strongest version of 3DES) has an effective difficulty of 189.7 bits, vastly superior to anything 3DES can do. And Rijndael also permits a 256 bit key (88 bits longer than the key length in 3DES keying option 1) with an effective difficulty of 254.4 bits.

#### Re: DES

As the article mentioned, 3DES is also significantly slower, when implemented in software on modern CPUs, than AES is.