[Cryptography] SHA-3 FIPS-202: no SHAKE512 but SHAKE128; confusing SHAKE security

Krisztián Pintér pinterkr at gmail.com
Sat Aug 8 18:53:12 EDT 2015


Watson Ladd (at Sunday, August 9, 2015, 12:18:38 AM):
>> here comes the crypto celebrity mob. schneier and the like were quick
>> to jump on the "NIST weakens crypto again" bandwagon. the entire thing
>> was shameful. to save its nonexistent reputation, NIST backed off, and
>> decided to standardize the original stupid parameters. congrats to
>> everyone involved, djb included!

> That's missing part of the story. NIST had eliminated CubeHash on the
> basis that its preimage resistance was insufficient, in favor of
> Keccak parameters which had been designed for their ridiculous
> requirements. This elimination happened going into the final round.
> Once that requirement was dropped, they would have had to redo a bunch
> of things to be fair to everyone.

if NIST had restarted the competition, that would have been a good
solution, though time consuming. standardizing a subpar algorithm
(parameter set) is not a good solution. crypto celebrities babbling
just to get clicks on their blogs is also not good.
