[Cryptography] simple guidelines to using message digests
ianG
iang at iang.org
Sat Jan 9 21:24:22 EST 2016
Looking at Zooko et al.'s formative thoughts at [1] it is possible to
suggest some conclusions.
If we start with the table at Figure 1 we can see by eyeball there is a
clear trend towards hashes losing their collision protection after some
period of time. Leading to observation 1: Calculating the batting
average [2] for all hashes before SHA2 (around 2000), I get 14 years
before your average message digest is out.
Then, if we look at Figure 2 we can see ... a sea of green! Except for
one outlier, hashes are safe against 2nd pre-image.
Which leads to the possible suggestion of guidelines in the use of secure
message digests. Observation 2:
1. pick a modern message digest.
2. fix for collision resistance by (eg) using a nonce.
3. TRUST YOUR HASH !!!
This is empirical observation - we now have 25 years experience in
hashes on which to lean, so we should use it.
One might seize on the outlier - Snefru-2 - of which Zooko et al. say:

"That single exception is the second-oldest secure hash function
ever designed, Snefru, which was designed in 1989 and 1990, and
which turned out to be vulnerable to differential cryptanalysis.
Differential cryptanalysis was discovered (by the open research
community) in 1990."
The problem with this is that it is literally an outlier, and there is
no engineering sanity in creating protocol elements for dealing with
such rare conditions, especially when there is plenty of other noise
going on such as frequent protocol and coding breaks. Observation 3
would then be, there is very little support for algorithm agility here.
Do not code up algorithm agility for hashes, alone.
It would be very interesting to see the same depth of research in other
algorithm classes.
iang
[1] https://tahoe-lafs.org/~zooko/preimage-attacks-color.html
See disclaimer and warning - we're not meant to read it unless we
collaborate!
[2] I'm using the cricket formula:
batting average = (21 + 1 + 5 + 14 + 12 + 11 + 13 + 14 + 10 + 14 + 19 + 9 + 15) / 11
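As an added illustration of guideline 2 above (this is not code from ianG's post nor from Zooko's page), the Python below shows why a fresh nonce repairs a digest whose collision resistance has fallen while its 2nd-preimage resistance still holds. The "weak" digest is constructed here by truncating SHA-256 to 32 bits so that a birthday search finds a colliding pair in under a second; that stands in for a real digest after its collision-resistance clock has run out. The attacker prepares the colliding pair (m1, m2) offline, but the signer prepends a nonce it chooses only at signing time, so the prepared pair no longer collides under the nonced hash and the attacker is back to needing a 2nd preimage. The nonce-prefix-with-length construction is one randomized-hashing design among several; the post does not specify which.

```python
import hashlib
import os
import struct

# Constructed stand-in for a collision-weak digest: SHA-256 truncated to
# 32 bits. Real SHA-256 is not weak; the truncation is only so the demo runs.
TRUNC_BYTES = 4


def weak_hash(data: bytes) -> int:
    """Truncated digest: cheap to collide (birthday bound ~2^16 work)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:TRUNC_BYTES], "big")


def find_collision(max_tries: int = 1 << 19):
    """Attacker's offline birthday search.

    Returns two distinct messages with equal weak_hash, or None if the
    search budget is exhausted (vanishingly unlikely at this size).
    """
    seen = {}
    for i in range(max_tries):
        msg = b"contract-" + struct.pack(">I", i)  # constructed candidate docs
        h = weak_hash(msg)
        if h in seen and seen[h] != msg:
            return seen[h], msg
        seen[h] = msg
    return None


def randomized_hash(nonce: bytes, data: bytes) -> int:
    """Nonced digest: hash(nonce || len(data) || data).

    The length prefix fixes the nonce/data boundary so a nonce-plus-data
    pair cannot be re-split into a different pair with the same input.
    """
    return weak_hash(nonce + struct.pack(">I", len(data)) + data)


def sign_digest(data: bytes):
    """Signer side: pick the nonce only now, after the document is presented."""
    nonce = os.urandom(16)  # must be unpredictable to whoever prepared the doc
    return nonce, randomized_hash(nonce, data)


def verify_digest(nonce: bytes, digest: int, data: bytes) -> bool:
    """Verifier recomputes with the nonce that travels alongside the signature."""
    return randomized_hash(nonce, data) == digest


def demo():
    """Run the attack against both constructions and report what collided."""
    pair = find_collision()
    if pair is None:
        raise RuntimeError("search budget exhausted; raise max_tries")
    m1, m2 = pair
    nonce, digest = sign_digest(m1)  # signer commits to m1 under a fresh nonce
    return {
        "plain_collides": weak_hash(m1) == weak_hash(m2),
        "m1_verifies": verify_digest(nonce, digest, m1),
        # the precomputed sibling m2 no longer carries the signature
        "m2_substitutes": verify_digest(nonce, digest, m2),
    }


if __name__ == "__main__":
    print(demo())
```

The check a practitioner wants is the third field: substituting m2 fails with probability 1 - 2^-32 even though m1 and m2 collide under the bare digest, because the attacker would have had to find a collision for a nonce that did not exist when the pair was built. The nonce must be chosen by the signer, not the document's author, and it must be transmitted with the signature; a nonce the attacker can predict or supply gives back the original collision attack.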