[Cryptography] Sha3
Dan Kaminsky
dan at doxpara.com
Fri Oct 4 19:09:32 EDT 2013
Because not being fast enough means you don't ship. You don't ship, you
didn't secure anything.
Performance will in fact trump security. This is the empirical reality.
There's some budget for performance loss. But we have lots and lots of
slow functions. Fast is the game.
(Now, whether my theory that we stuck with MD5 over SHA1 because variable
field lengths are harder to parse in C -- that's an open question to say
the least.)
On Tuesday, October 1, 2013, Ray Dillinger wrote:
> What I don't understand here is why the process of selecting a standard
> algorithm for cryptographic primitives is so highly focused on speed.
>
> We have machines that are fast enough now that while speed isn't a non
> issue, it is no longer nearly as important as the process is giving it
> precedence for.
>
> Our biggest problem now is security, not speed. I believe that it's a bit
> silly to aim for a minimum acceptable security achievable within the
> context of speed while experience shows that each new class of attacks is
> usually first seen against some limited form of the cipher or found to be
> effective only if the cipher is not carried out to a longer process.
>
>
>
> -------- Original message --------
> From: John Kelsey <crypto.jmk at gmail.com <javascript:_e({}, 'cvml',
> 'crypto.jmk at gmail.com');>>
> Date: 09/30/2013 17:24 (GMT-08:00)
> To: "cryptography at metzdowd.com <javascript:_e({}, 'cvml',
> 'cryptography at metzdowd.com');> List" <cryptography at metzdowd.com<javascript:_e({}, 'cvml', 'cryptography at metzdowd.com');>>
>
> Subject: [Cryptography] Sha3
>
>
> If you want to understand what's going on wrt SHA3, you might want to look
> at the nist website, where we have all the slide presentations we have been
> giving over the last six months detailing our plans. There is a lively
> discussion going on at the hash forum on the topic.
>
> This doesn't make as good a story as the new sha3 being some hell spawn
> cooked up in a basement at Fort Meade, but it does have the advantage that
> it has some connection to reality.
>
> You might also want to look at what the Keccak designers said about what
> the capacities should be, to us (they put their slides up) and later to
> various crypto conferences.
>
> Or not.
>
> --John
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com <javascript:_e({}, 'cvml',
> 'cryptography at metzdowd.com');>
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131004/f140c5c6/attachment.html>
More information about the cryptography
mailing list