On Fri Apr 13 23:36:26 EDT 2012 Zooko Wilcox-O'Hearn zooko at zooko.com wrote:

> I guess one really good thing about SHA-3 is that the next generation of
> those web developers, after SHA-2 is removed from standard libraries, will
> accidentally have safe auth. :-)
>
> I really don't know when that will be, though.
>

NSA designed SHA-2 to stay in libraries for a long time. Length
extension is not an issue for SHA-2 anymore with SHA-512/256. That is
a double-pipe hash function, perfectly secure against length-extension
attacks. On 64-bit platforms SHA-512 and SHA-512/256 are almost as fast as
Skein and Blake (one of which will be the next SHA-3), and according
to [1], "Furthermore, even the fastest finalists will probably offer
only a small performance advantage over the current SHA-256 and
SHA-512 implementations."

However, since SHA-2 and the to-be SHA-3 are 2, 3 or even 4 times slower
than MD5 or SHA-1, and NIST, while running the SHA-3 competition, changed
its own initial goal of making SHA-3 significantly faster than SHA-2, I
expect in the following period several other influential international
players in the area of standardizing cryptographic primitives to use
that strategic mistake made by NIST, and to push for a hash standard
that will be significantly faster than SHA-2 and SHA-3.

Remember RIPEMD-160? RIPEMD-160 was proposed and backed by the EU, but
being many times slower than MD5 and SHA-1, it never became a popular
industrial choice. It was a nice academic design but not accepted by the
industry. Now I expect the EU to use the opportunity and finally back a
hash function that industry will prefer. But I also see that Russia,
China and Japan can use NIST's screw-up with the performance
of SHA-3 and will try to take over the industrial primacy with their
own hash function. In the end, supremacy in setting up cryptographic
standards is what will bring reputation, trust and strategic
positioning in a world that in the following years will digest
exabytes per hour.

SO: I expect a new hash competition (run by the EU, Russia, China or
Japan) where the US SHA-3 standard will be a reference point and the goal
will be to design 256- and 512-bit hash functions that are 3-4 times
faster than SHA-3.

Regards,
David Adamson Jr

[1] Shay Gueron, Vlad Krasnov, "Parallelizing message schedules to
accelerate the computations of hash functions"
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography