more on NIST hash competition

Paul Hoffman paul.hoffman at vpnc.org
Fri Jan 26 10:54:11 EST 2007


At 9:30 PM +1300 1/25/07, Peter Gutmann wrote:
>Ivan Krstić <krstic at solarsail.hcs.harvard.edu> writes:
>>Perry E. Metzger wrote:
>>>  http://www.csrc.nist.gov/pki/HashWorkshop/index.html
>>
>>I'm completely unfamiliar with the way NIST operates, but I've been wondering
>>for years why they haven't organized this competition already. Do we have a
>>list veteran who can shed some light on why it took them this long? My
>>curiosity demands to know.
>
>The AES competition was already a severe resource drain, running another one
>for an AHS would have been prohibitive, until the clear signs that SHA was in
>real trouble made it more palatable.

This is an incorrect interpretation, I believe. The NIST folks at the 
workshop said a few times that they were not worried about SHA-1 
because they have already deprecated it beginning at the end of 2010. 
That leaves only SHA-2, in which they said they had sufficient 
confidence. Further, no one publicly expressed worry at the workshop 
that SHA-2 would have any significant breaks in the near future.

The dates on the competition timeline show that AHS (cute name, 
Peter!) is not meant as a replacement for SHA-2, given that it won't 
be selected until after SHA-1 needs to stop being used.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


