[Cryptography] NIST about to weaken SHA3?

James A. Donald jamesd at echeque.com
Mon Sep 30 03:45:52 EDT 2013

On 2013-09-30 14:34, Viktor Dukhovni wrote:
> On Mon, Sep 30, 2013 at 05:12:06AM +0200, Christoph Anton Mitterer wrote:
>> Not sure whether this has been pointed out / discussed here already (but
>> I guess Perry will reject my mail in case it has):
>> https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3
> I call FUD.  If progress is to be made, fight the right fights.
> The SHA-3 specification was not "weakened", the blog confuses the
> effective security of the algorithm with the *capacity* of the
> sponge construction.

SHA3 has been drastically weakened from the proposal that was submitted 
and cryptanalyzed:  See for example slides 43 and 44 of

