[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5
zooko at leastauthority.com
Mon Mar 24 14:35:51 EDT 2014
On Mon, Mar 24, 2014 at 2:36 PM, Jerry Leichter <leichter at lrw.com> wrote:
>>> […] SHA-2 was published in 2001 but was under suspicion by 2012 or so - 13 years. Based on this history, it would be prudent to assume a maximum practical lifetime for a cryptographic hash function to be around 15 years.

> Note that the cloud over SHA-2 has lifted, so it has the opportunity to extend its run. That leaves it, at 15 years, the champion of cryptographic hash functions.

I'm compiling a history of such things, and I have SHA-2 as published
in 2002 in FIPS 180-2 ¹. Is there an earlier publication of SHA-2 that
I could reference? Thanks.

And by the way, I'd name Tiger as the champion hash function:
published in 1996 ², deployed in the real world ³, widely studied ⁴,
and we still don't know of any way to break it. On top of all that it
is almost twice as efficient (in software on 64-bit CPUs) as some
others such as SHA-2 or RIPEMD-160, which makes its longevity all the
more noteworthy. (Because there is a trade-off between CPU efficiency
and safety in hash functions.)

RIPEMD-160 is another candidate for champion: also published in 1996
⁵, widely studied ⁶, used in practice, and no known weaknesses —
except that its output size is a little too short for the 21st
century. If only it had been RIPEMD-192 instead of RIPEMD-160 then it
would look at least as good as Tiger looks today.

This isn't to detract from SHA-2's greatness of course. As I wrote in
https://leastauthority.com/blog/, SHA-2 has been the most
widely-recommended standard for more than half a decade, and it too
shows no sign of weakness.

Oh, and Tiger and RIPEMD-160 were both designed without help from NSA,
as far as I know.