[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5

ianG iang at iang.org
Mon Mar 24 11:51:59 EDT 2014

On 24/03/2014 14:36 pm, Jerry Leichter wrote:

> BTW, another embarrassing thing to note is that having some tweaking done by the NSA is correlated with longevity - at least for block ciphers and cryptographic hash functions.  You can interpret this in many ways, but it certainly hints that at least as of 15 or so years ago, the NSA appeared to still have some "secret sauce" that the open community did not.  (In the case of asymmetric crypto, and especially signatures, they seem to have used their abilities to damage the standardization process.  As far as we can tell, they did the opposite for symmetric crypto and hash functions.  Different time?  Different organizations with the NSA?  Something we still don't even have a clue about concerning symmetric crypto and hash functions?  Impossible to say at this point.)

I would speculate it comes down to complexity.  PK is beyond many
people, I include myself, but I also look askance at cryptographers and
cryptoplumbers, where they don't work together.

Block ciphers and hashes are hard to get wrong in ordinary use.  And
it's getting harder, especially when AE lands.

In contrast, PK is hard to get right in ordinary use.  Same with RNGs,
as it happens...

If we look at what they have done with the standards, there is tendency
to make hard things more complex, and to create a bounty of
implementation errors.  They are exploiting the natural tendency for
cryptographers to create complicated and unwieldly designs, and for
implementors to rush through their code without review.

If we look at the successes of say AES comp and NaCl family, we find
that the implementation is delivered as part of the product.  In both
cases, there was little distance between what the crypto said and what
the code said.  Blake(2) also is able to benefit from this.

Whereas, the source for good RSA or DSA info is spread over a variety of
places .. and times and peoples and licences and and and.

This is all speculation tho, based on strategy of intervention and
observation.  I'm not taking it to the bank.


More information about the cryptography mailing list