SHA-3 hash finalist Schneier calls for halt in crypto contest

A US government agency will soon announce which of five remaining candidate algorithms will become SHA-3, the new hash function to replace SHA-1 and SHA-2. The latter is a key component in various security technologies, from SSL and SSH to PGP and IPsec, and must be used by law in certain US government applications. The US …

COMMENTS

This topic is closed for new posts.
  1. John H Woods Silver badge

    Clarification

    "A cryptographic hash algorithm converts data into a shortened "message digest" from which it is, ideally, impossible to recover the original information. "

    Any decent cryptographic function can be described by the last part of this sentence, whereas cryptographic hash algorithms are a special class of these. Can I suggest

    "A cryptographic hash algorithm converts data into a shortened "message digest" such that it is not only extremely unlikely that different data will have identical digests, but that it would be computationally infeasible to create data that would yield some given digest."

    1. Anonymous Coward
      Anonymous Coward

      Bad clarification!

      Firstly, it is not "extremely unlikely that different data will have identical digests"; it is a certainty that different data will have identical digests, seeing as the set of data values is infinite and the set of digest values is finite.

      Secondly, a secure hash needs to have the property that it is very difficult to create two different data values that give the same hash value, which is a significantly stronger condition than what you wrote. For example, MD5 is broken according to one criterion, but not yet according to the other (at least not publicly).

  2. Spearchucker Jones
    Headmaster

    Cool.

    Just replace "such that" (WTF?!?) with "so that".

    1. Anonymous Coward
      Anonymous Coward

      Re: Not Cool

      His choice of words is both perfectly valid and in my opinion superior to your suggestion.

      If you're going to pick fault with a construction that you do not recognise, you could save yourself face by actually checking you're correct first.

      I mean, if only you were sitting in front of a general-purpose computing device with connectivity to a world-wide and information-rich network accessible at a few keystrokes...

      1. Spearchucker Jones
        FAIL

        Re: Not Cool

        I didn't say it was incorrect.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not Cool

          You didn't?

          So you made the effort to write a comment, *instructing* the OP to change his wording, using the grammar Nazi icon, and expressing surprise and confusion with a "WTF?!?" and even employing excessive punctuation - for what purpose exactly?

          I think most people would determine based on the evidence that you were in fact insinuating that it was incorrect, and that this was the sole reason for your post. It certainly has no other use or relevance.

  3. Anonymous Coward
    Anonymous Coward

    Re: Any decent cryptographic function can be described by the last part

    So encrypting information in such a way that it cannot be decrypted is useful how, exactly?

    1. Anonymous Coward
      Anonymous Coward

      Re: Any decent cryptographic function can be described by the last part

      > So encrypting information in such a way that it cannot be decrypted is useful how, exactly?

      Digital Signatures ...

      1. Anonymous Coward
        Anonymous Coward

        Re: Any decent cryptographic function can be described by the last part

        "Digital signatures" - that's rather specific, and more than a little obvious considering the content of the article. I was asking more generally, because he wrote "any" decent cryptographic function, not "some".

        1. Spearchucker Jones

          Re: Any decent cryptographic function can be described by the last part

          Hashes can be used to compare files, so are useful in de-duplication, for example. Hashes can also be used as representations of user passwords, so a system that requires authentication doesn't need to store passwords.
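The two uses named in the post above, file de-duplication by content digest and storing a derived value instead of the password itself, as an added example (not code from any commenter or from the article). The sample file contents and the iteration count are constructed for illustration; the password scheme is salted PBKDF2-HMAC-SHA256 from Python's standard library with a constant-time comparison on verification.

```python
import hashlib
import hmac
import os
from collections import defaultdict


# --- de-duplication by content hash ---------------------------------------
def group_duplicates(files: dict) -> dict:
    """Map each SHA-256 digest to the names of files whose contents share it.

    `files` maps a file name to its byte contents.  Only digests seen more
    than once are returned, i.e. the groups a de-duplicator would merge.
    """
    groups = defaultdict(list)
    for name, content in files.items():
        groups[hashlib.sha256(content).hexdigest()].append(name)
    return {digest: names for digest, names in groups.items() if len(names) > 1}


# --- password storage without storing passwords -----------------------------
ITERATIONS = 100_000  # illustrative work factor; production values are tuned per deployment


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$key_hex.

    A fresh random salt per record means two users with the same password
    get different records, and precomputed digest tables are useless.
    """
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Re-derive the key from the stored salt and compare in constant time."""
    algo, iterations, salt_hex, key_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    key = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    # constructed sample data: two identical files and one different one
    sample = {"a.txt": b"hello", "b.txt": b"hello", "c.txt": b"world"}
    print("duplicate groups:", group_duplicates(sample))

    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("right password:", verify_password(record, "correct horse battery staple"))
    print("wrong password:", verify_password(record, "Correct horse battery staple"))
```

The stored record contains only the salt and the derived key, never the password; verification re-runs the derivation, so the server can check a login without being able to recover what the user typed.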

    2. Anonymous Coward
      Anonymous Coward

      Re: Any decent cryptographic function can be described by the last part

      You really need to familiarise yourself with some fairly staple concepts in this field, my friend.

      Such as asymmetric cryptography, or public-key cryptography : https://en.wikipedia.org/wiki/Public-key_cryptography

      Pretty important part of the function of the modern Internet. In fact, take a close look at the link above and you will see that the technique would be in fact employed in the delivery of the referenced content to your browser.

      1. Michael Wojcik Silver badge

        Re: Any decent cryptographic function can be described by the last part

        You really need to familiarise yourself with some fairly staple concepts in this field, my friend.

        Such as asymmetric cryptography, or public-key cryptography

        You really need to learn how to read. This is non-responsive. The OP asked why "encrypting information in such a way that it cannot be decrypted" describes "[a]ny decent cryptographic function" (as the original thread had it). That phrase most certainly does not describe asymmetric cryptography.

        The phrasing in the article ("a shortened 'message digest' from which it is, ideally, impossible to recover the original information") was certainly incorrect - as others have pointed out, there's nothing "ideal" about this; by the pigeonhole principle it must be true in the general case. And it's not a useful description of a cryptographic hash anyway, as it omits critical aspects like image-collision resistance. But for some reason many of the people in the threads critiquing the article are having nearly as much trouble writing something accurate in response.
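The distinction drawn in the "Bad clarification!" reply and in the post above, between collisions being guaranteed by the pigeonhole principle, collisions being cheap to find (about 2^(n/2) work), and a second preimage being expensive (about 2^n work), as an added example that is not from any commenter or from the article. It uses SHA-256 truncated to a small number of bits as a toy hash so that all three searches finish in well under a second; the message formats and the 16-bit default are assumptions for the demonstration.

```python
import hashlib


def toy_hash(data: bytes, bits: int = 16) -> int:
    """SHA-256 truncated to `bits` bits: a toy hash with only 2**bits possible digests."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def pigeonhole_collision(bits: int = 16):
    """Hash up to 2**bits + 1 distinct messages and return the first pair that collide.

    With more inputs than possible digests a collision is certain, whatever the
    hash function does (in practice one appears long before the last input).
    """
    seen = {}
    for i in range(2 ** bits + 1):
        msg = b"pigeon-%d" % i
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
    return None  # unreachable: the pigeonhole principle guarantees a hit above


def birthday_collision(bits: int = 16):
    """Find any two messages with equal digests; expected cost about 2**(bits/2) hashes.

    Returns (message_a, message_b, hashes_computed).
    """
    seen = {}
    i = 0
    while True:
        msg = b"birthday-%d" % i
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def second_preimage(target: bytes, bits: int = 16):
    """Find a different message with the same digest as `target`; expected cost about 2**bits hashes.

    Returns (message, hashes_computed).
    """
    want = toy_hash(target, bits)
    i = 0
    while True:
        msg = b"alt-%d" % i
        if msg != target and toy_hash(msg, bits) == want:
            return msg, i + 1
        i += 1


if __name__ == "__main__":
    a, b = pigeonhole_collision()
    print(f"pigeonhole: {a!r} and {b!r} both hash to {toy_hash(a)}")
    a, b, n = birthday_collision()
    print(f"birthday collision after {n} hashes: {a!r} {b!r}")
    m, n = second_preimage(b"the original document")
    print(f"second preimage after {n} hashes: {m!r}")
```

Running it shows the birthday search succeeding after a few hundred hashes while the second-preimage search needs on the order of 65,000 for the same 16-bit digest; that gap is why "collision resistance" and "(second-)preimage resistance" are separate properties, and why a hash can lose one while, for a time, keeping the other.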

  4. Anonymous Coward
    Anonymous Coward

    And there has to be a Back Orifice

    ... for the NSA.

  5. Nick Kew

    If it ain't broke ...

    ... fix it, until it is.

  6. Mystic Megabyte
    Headmaster

    "this does some likely - then it could do worse"

    You lost me there.

    1. Tim Parker

      "this does some likely - then it could do worse"

      You lost me there.

      s/some/seem/

    2. Anonymous Coward
      Anonymous Coward

      Spelling

      I stumbled on that one as well.

      That's fairly tame compared to the usual standard of John Leyden's output.

  7. Anonymous Coward
    Anonymous Coward

    DES

    Has anyone actually demonstrated 3DES to be broken yet? ISTR 56-bit DES is only considered insecure because of the key length, not because anyone found anything fundamentally wrong with it? A hardware implementation of 3DES is smaller than Rijndael with an equivalent key size. Rijndael only has an advantage when done in software with no parallel processing.

    1. Arthur Dent
      Boffin

      Re: DES

      3DES is not really broken, but: due to known attack methods, the 168 bit key version (triple DES keying option 1) has an effective difficulty of only 112 bits, and according to NIST the 112 bit key version (triple DES keying option 2) has an effective difficulty of only 80 bits. NIST has stated that 3DES is unsuitable for anything that needs to remain secure beyond the year 2030.

      Rijndael is even less broken: the 128 bit key version has an effective difficulty of 126.1 bits, which is vastly better than 3DES with keying option 2 (the 3DES version with nearest key length) and noticeably better than 3DES with option 1 which has a much longer key. The 192 bit version (the key length nearest to 3DES with option 1, which is the strongest version of 3DES) has an effective difficulty of 189.7 bits, vastly superior to anything 3DES can do. And Rijndael also permits a 256 bit key (88 bits longer than the key length in 3DES keying option 1) with an effective difficulty of 254.4 bits.

      1. Michael Wojcik Silver badge

        Re: DES

        As the article mentioned, 3DES is also significantly slower, when implemented in software on modern CPUs, than AES is.
