New Hash Function workshop thoughts


As many of you may know, there was a workshop recently held in
Washington about hash functions; they said it would encompass assessing
SHA-1, 256, 512, and assessing where we are, and seeing if we need to
pick a new "SHA" because SHA-1 has a potential weakness which may mean
it could be compromised.  I posted the following to Bruce Schneier's
blog about my thoughts:

I'm not a cryptographer but from what I have read, I think that with
whatever the new algorithm for "SHA2" is, in the speed vs. security
(which is _roughly_ length of digest) the emphasis should be mostly on

People have shown remarkable skill at optimizing algorithms for speed
(look at all the various AES optimizations), and note that while the
strength of attacks goes up, the speed of hardware goes up as well.
If we choose an algorithm optimized for security, that has no
mathematical or algorithmic weakness (a big IF I know), we know that
hardware speeds and programming optimizations will make speed less of an
issue over time, while at the same time we can rest easy knowing that it
will probably not be brute-forced or birthday-attacked in our lifetimes.

Agree? Disagree?

One other thing to add: I think NSA should publish results of its
analysis on SHA-256 and SHA-512 on how strong they are.  Also, if they
have at least two super-secret non-public hashes, they should publish
the specs and a working source-code implementation of one of them (and
keep one of them classified) as a way to stimulate public research and a
possible "stop-gap" in case SHA-256 is not all that strong.  Remember -
their research is funded with our tax dollars!
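The post ties a hash's security roughly to its digest length and mentions brute-force and birthday attacks as the generic threats. The script below is an added illustration, not part of the original post: it tabulates the generic work factors (2^n for a preimage, 2^(n/2) for a collision) for the SHA-1/256/512 digest lengths named above, then truncates SHA-256 to a small number of bits and measures empirically how many hashes it takes before two inputs collide, comparing the count against the birthday estimate sqrt(pi/2 * 2^k). The truncation width, the counter-derived inputs and the seed spacing are constructed choices for the demonstration.

```python
"""Digest length versus generic attack cost, with an empirical birthday check.

Added example (not from the original post). The 24-bit truncation and the
counter-derived inputs are constructed so the experiment runs in well under
a second; the same relationship holds, unreachably, at full digest widths.
"""
import hashlib
import math


def work_factors(digest_bits: int) -> dict:
    """Generic attack costs, in bits of work, for an ideal hash of this length.

    A brute-force preimage search costs about 2^n trials; a birthday
    (collision) search costs about 2^(n/2). Nothing here accounts for
    structural weaknesses in a particular algorithm.
    """
    return {
        "preimage_bits": digest_bits,
        "collision_bits": digest_bits // 2,
    }


def expected_collision_trials(bits: int) -> float:
    """Mean number of random samples until the first repeat among 2^bits values."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_digest(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-256(data) as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def trials_until_collision(bits: int, seed: int) -> int:
    """Hash distinct inputs until a truncated digest repeats; return the count.

    Inputs are the 8-byte big-endian encodings of seed, seed+1, ... so a run
    is reproducible and every input is distinct (seed is a constructed value).
    """
    seen = set()
    n = 0
    while True:
        data = (seed + n).to_bytes(8, "big")
        d = truncated_digest(data, bits)
        n += 1
        if d in seen:
            return n
        seen.add(d)


def birthday_experiment(bits: int, runs: int) -> dict:
    """Average the empirical collision time over several seeds."""
    # Seeds are spaced 2^40 apart so the input ranges of different runs
    # never overlap (constructed spacing).
    counts = [trials_until_collision(bits, seed << 40) for seed in range(runs)]
    return {
        "bits": bits,
        "expected": expected_collision_trials(bits),
        "observed_mean": sum(counts) / len(counts),
        "observed_min": min(counts),
        "observed_max": max(counts),
    }


if __name__ == "__main__":
    for name, n in (("SHA-1", 160), ("SHA-256", 256), ("SHA-512", 512)):
        wf = work_factors(n)
        print(f"{name:8s} preimage ~2^{wf['preimage_bits']:<4d} "
              f"collision ~2^{wf['collision_bits']}")
    result = birthday_experiment(bits=24, runs=20)
    print(f"24-bit truncation: expected {result['expected']:.0f} hashes, "
          f"observed mean {result['observed_mean']:.0f} "
          f"(min {result['observed_min']}, max {result['observed_max']})")
```

The observed mean lands close to the analytic estimate: halving the digest length (in bits) does not halve the collision cost, it takes its square root, which is why the collision column sits at half the preimage column. That square-root relationship is the concrete content behind the post's "security is roughly length of digest" remark, and it is what makes 2^80 for SHA-1 collisions look thin next to 2^128 for SHA-256.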

