[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5

Jerry Leichter leichter at lrw.com
Mon Mar 24 10:36:08 EDT 2014 

>> MD5 was published in 1992 and was considered broken by 2004 - 12 years.  SHA-1 was published in 1995 but by 2005 - 10 years later - was considered to be weak.  An almost-practical attack was published in 2011.  SHA-2 was published in 2001 but was under suspicion by 2012 or so - 13 years.  Based on this history, it would be prudent to assume a maximum practical lifetime for a cryptographic hash function to be around 15 years.
> Ahem - SHA0 was also in there, and lasted about a month?  Brings the
> batting average down a bit.
It's easy to make the "batting average" go down - there are tons of failed proposals; some of them fail embarrassingly late.  What I was trying to do is look at the lifetimes of "the best of the best".

Note that the cloud over SHA-2 has lifted, so it has the opportunity to extend its run.  That leaves it, at 15 years, the champion of cryptographic hash functions.

BTW, another embarrassing thing to note is that having some tweaking done by the NSA is correlated with longevity - at least for block ciphers and cryptographic hash functions.  You can interpret this in many ways, but it certainly hints that at least as of 15 or so years ago, the NSA appeared to still have some "secret sauce" that the open community did not.  (In the case of asymmetric crypto, and especially signatures, they seem to have used their abilities to damage the standardization process.  As far as we can tell, they did the opposite for symmetric crypto and hash functions.  Different time?  Different organizations with the NSA?  Something we still don't even have a clue about concerning symmetric crypto and hash functions?  Impossible to say at this point.)
                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140324/8b1b844c/attachment.bin>

More information about the cryptography mailing list