<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Looking at Zooko et al's formative thoughts at [1] it is possible to
suggest some conclusions.<br>
<br>
If we start with the table at Figure 1 we can see by eyeball there
is a clear trend towards hashes losing their collision protection
after some period of time. Leading to observation 1: Calculating
the batting average [2] for all hashes before SHA2 (around 2000), I
get 14 years before your average message digest is out.<br>
<br>
Then, if we look at Figure 2 we can see ... a sea of green! Except
for one outlier, hashes are safe against 2nd pre-image.<br>
<br>
Which leads to the possible suggestion of guidelines in use of
secure message digests. Observation 2:<br>
<br>
1. pick a modern message digest.<br>
2. fix for collision resistance by (eg) using a nonce.<br>
3. TRUST YOUR HASH !!!<br>
<br>
This is empirical observation - we now have 25 years experience in
hashes on which to lean, so we should use it.<br>
<br>
One might seize on the outlier - Snefru-2 - of which Zooko et al
says:<br>
<blockquote>"That single exception is the second-oldest secure hash
function ever designed, <em>Snefru</em>, which was designed in 1989
and 1990, and which turned out to be vulnerable to differential
cryptanalysis. Differential cryptanalysis was discovered (by the
open research community) in 1990."<br>
</blockquote>
The problem with this is that it is literally an outlier, and there
is no engineering sanity in creating protocol elements for dealing
with such rare conditions, especially when there is plenty of other
noise going on such as frequent protocol and coding breaks.
Observation 3 would then be, there is very little support for
algorithm agility here. Do not code up algorithm agility for
hashes, alone.<br>
<br>
It would be very interesting to see the same depth of research in
other algorithm classes.<br>
<br>
<br>
<br>
iang<br>
<br>
<br>
<br>
[1] <a class="moz-txt-link-freetext"
href="https://tahoe-lafs.org/%7Ezooko/preimage-attacks-color.html">https://tahoe-lafs.org/~zooko/preimage-attacks-color.html</a><br>
See disclaimer and warning - we're not meant to read it unless we
collaborate!<br>
[2] I'm using the cricket formula:<br>
batting average = (21 + 1 + 5 + 14 + 12 + 11 + 13 + 14 + 10 + 14 + 19 + 9 + 15) / 11<br>
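<br>
An added example, not part of the original post: one reading of guideline 2, in which the party computing the digest prepends a nonce it picks only after the message is fixed, so a collision pair prepared in advance no longer matches. The 24-bit truncation of SHA-256 is a constructed stand-in for a digest whose collision resistance has failed, and all function names are hypothetical.<br>

```python
import hashlib
import hmac
import os

TOY_BYTES = 3    # constructed weakness: keep only 24 bits of SHA-256
NONCE_BYTES = 16  # fixed length, so nonce || message is unambiguous


def toy_digest(data):
    """Stand-in for a digest whose collision resistance has failed."""
    return hashlib.sha256(data).digest()[:TOY_BYTES]


def find_collision():
    """Birthday search over constructed messages; a few thousand tries."""
    seen = {}
    counter = 0
    while True:
        msg = b"constructed message %d" % counter
        digest = toy_digest(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg
        counter += 1


def nonced_digest(msg, nonce=None):
    """Digest over nonce || message.

    Assumption: the nonce is chosen by whoever computes the digest,
    after the message is fixed, and is stored beside the digest.
    """
    if nonce is None:
        nonce = os.urandom(NONCE_BYTES)
    return nonce, toy_digest(nonce + msg)


def verify(msg, nonce, digest):
    """Recompute the nonced digest and compare in constant time."""
    return hmac.compare_digest(toy_digest(nonce + msg), digest)


if __name__ == "__main__":
    a, b = find_collision()
    print("plain digests collide:", toy_digest(a) == toy_digest(b))
    nonce, digest = nonced_digest(a)
    print("a verifies:", verify(a, nonce, digest))
    print("b verifies:", verify(b, nonce, digest))
```

With the nonce in place, substituting a second message means matching a digest for a prefix that was not known in advance, which is the second pre-image setting the post describes as a sea of green.<br>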
</body>
</html>