MD6 withdrawn from SHA-3 competition
Hal Finney
hal at finney.org
Sat Jul 4 13:39:21 EDT 2009
Rivest:
> Thus, while MD6 appears to be a robust and secure cryptographic
> hash algorithm, and has much merit for multi-core processors,
> our inability to provide a proof of security for a
> reduced-round (and possibly tweaked) version of MD6 against
> differential attacks suggests that MD6 is not ready for
> consideration for the next SHA-3 round.
But how many other hash function candidates would also be excluded if
such a stringent criterion were applied? Or turning it around, if NIST
demanded a proof of immunity to differential attacks as Rivest proposed,
how many candidates have offered such a proof, in variants fast enough
to beat SHA-2?
Hal Finney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list