[Cryptography] simple guidelines to using message digests

ianG iang at iang.org
Sat Jan 9 21:24:22 EST 2016


Looking at Zooko et al's formative thoughts at [1] it is possible to 
suggest some conclusions.

If we start with the table at Figure 1 we can see by eyeball there is a 
clear trend towards hashes losing their collision protection after some 
period of time.  Leading to observation 1: Calculating the batting 
average [2] for all hashes before SHA2 (around 2000), I get 14 years 
before your average message digest is out.

Then, if we look at Figure 2 we can see ... a sea of green!  Except for 
one outlier, hashes are safe against 2nd pre-image.

Which leads to the possible suggestion of guidelines in use of secure 
message digests.  Observation 2:

     1.  pick a modern message digest.
     2.  fix for collision resistance by (eg) using a nonce.
     3.  TRUST YOUR HASH !!!

This is empirical observation - we now have 25 years experience in 
hashes on which to lean, so we should use it.

One might seize on the outlier - Snefru-2 - of which Zooko et al says:

    "That single exception is the second-oldest secure hash function
    ever designed, Snefru, which was designed in 1989 and 1990, and
    which turned out to be vulnerable to differential cryptanalysis.
    Differential cryptanalysis was discovered (by the open research
    community) in 1990."

The problem with this is that it is literally an outlier, and there is 
no engineering sanity in creating protocol elements for dealing with 
such rare conditions, especially when there is plenty of other noise 
going on such as frequent protocol and coding breaks. Observation 3 
would then be, there is very little support for algorithm agility here.  
Do not code up algorithm agility for hashes, alone.

It would be very interesting to see the same depth of research in other 
algorithm classes.



iang



[1] https://tahoe-lafs.org/~zooko/preimage-attacks-color.html
See disclaimer and warning - we're not meant to read it unless we 
collaborate!
[2] I'm using the cricket formula:
batting average = (21 1 5 14 12 11 13 14 10 14 19 9 15) / 11
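
Guideline 2 from the post (a nonce to cover for lost collision resistance), as an added example that is not part of the original message. It assumes the party computing the digest draws the nonce after the message is fixed and keeps it with the digest; all function names are hypothetical, and the digest is cut to 24 bits only so the demonstration collision search finishes quickly (real use keeps the full SHA-256 output).

```python
import hashlib
import hmac
import os

NONCE_LEN = 16   # bytes of fresh randomness per digest (assumed size)
TOY_LEN = 3      # digest cut to 24 bits ONLY so the demo collision search is quick


def toy_digest(msg: bytes, nonce: bytes = b"") -> bytes:
    # Nonce goes first: a colliding pair found in advance was matched
    # without knowing this prefix, so the match does not carry over.
    return hashlib.sha256(nonce + msg).digest()[:TOY_LEN]


def precomputed_collision() -> tuple[bytes, bytes]:
    """Birthday search for two distinct messages with the same un-nonced digest."""
    seen = {}
    counter = 0
    while True:
        msg = b"constructed sample document #%d" % counter
        d = toy_digest(msg)
        if d in seen:
            return seen[d], msg
        seen[d] = msg
        counter += 1


def seal(msg: bytes) -> tuple[bytes, bytes]:
    """Digest side: draw the nonce after the message is fixed, keep it with the digest."""
    nonce = os.urandom(NONCE_LEN)
    return nonce, toy_digest(msg, nonce)


def verify(msg: bytes, nonce: bytes, digest: bytes) -> bool:
    if len(nonce) != NONCE_LEN:   # fixed length keeps nonce||msg unambiguous
        return False
    return hmac.compare_digest(toy_digest(msg, nonce), digest)


if __name__ == "__main__":
    a, b = precomputed_collision()
    print("plain digests collide:", toy_digest(a) == toy_digest(b))
    nonce, d = seal(a)
    print("a verifies:", verify(a, nonce, d))
    print("b substituted for a verifies:", verify(b, nonce, d))
```

With the nonce in place, substituting the second message requires a second pre-image under a prefix that was not known when the pair was prepared, which is the property the post's Figure 2 discussion relies on.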