New cryptographic hash function not needed, Schneier says

Cryptographer Bruce Schneier says the upcoming SHA-3 cryptographic hash algorithm is not much better than the current one

As the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) prepares to announce the winner of its competition to find the next-generation cryptographic hash algorithm, renowned cryptographer Bruce Schneier doesn't think that a new hash function is needed at this time.

"It's probably too late for me to affect the final decision, but I am hoping for 'no award,'" Schneier said Monday in a blog post. "It's not that the new hash functions aren't any good, it's that we don't really need one."

Cryptographic hash functions have many applications in information security and are commonly used to verify data authenticity. Such functions convert a piece of information into a unique, fixed-length bit string, and should make it impossible for two different messages to result in the same string.

For example, user passwords are commonly stored in hashed form inside databases in order to prevent their exposure if the database is compromised. Every time a user attempts to authenticate against an application, a hash is computed for the password he supplies and is compared to the one already stored in the application's database.

NIST announced its public cryptographic hash algorithm competition in November 2007 with the goal of finding a new hash algorithm that would be standardized as a Federal Information Processing Standard (FIPS) called SHA-3 (Secure Hash Algorithm 3).

After five years and three selection rounds that reduced the number of candidates from 64 initially submitted functions to only five, NIST is expected to announce the winner sometime this year.

Schneier is part of the team of cryptographers who created Skein, a family of cryptographic hash functions that has been selected as one of the competition's five finalists.

The idea of standardizing a new hash function came in 2006, when it seemed like the SHA-2 family of functions wouldn't be secure for much longer because of new types of cryptanalysis, Schneier said.

"We didn't know how long the various SHA-2 variants would remain secure," the cryptographer said. "But it's 2012, and SHA-512 is still looking good."

Schneier also favors a "no award" decision at this time because, according to him, none of the SHA-3 final candidates is significantly better than the current standardized hash functions.

"Some are faster, but not orders of magnitude faster," Schneier said. "Some are smaller in hardware, but not orders of magnitude smaller."

"When SHA-3 is announced, I'm going to recommend that, unless the improvements are critical to their application, people stick with the tried and true SHA-512," the cryptographer said. "At least for a while."

"I'd say that the world could live without SHA-3, for SHA-1 and SHA-2 resisted cryptanalysis better than expected," said cryptographer Jean-Philippe Aumasson, who designed BLAKE, one of the other five SHA-3 finalist hash functions, Monday via email. "However, I often say that this is due to the 'denial of service attack' of SHA-3: these last years, most cryptanalysts focused on SHA-3 candidates, instead of SHA-1 or SHA-2."

Aumasson believes that SHA-3 will be more secure than SHA-2 in certain aspects and, if Skein or BLAKE will be chosen as a winner, it will also be noticeably faster on the latest desktop and server CPUs from Intel and AMD.

"All the five SHA-3 finalists are believed to satisfy the strongest theoretical security definition, unlike SHA-2," Aumasson said. "However, this does not undermine SHA-2's actual security when used properly."

The fact that the expected attacks against SHA-1 and SHA-2 never materialized is a good thing, but the cryptographic community shouldn't be complacent about it, Matthew D. Green, an assistant research professor who teaches cryptography at the Johns Hopkins Information Security Institute, said Monday via email.

"The point of this competition was not just to replace SHA2, but to develop a collection of new defensive techniques so that we can deal with attacks if they ever arrive," Green said. "And it was also intended to advance our knowledge in the area of hash function design. It's done a great job of that."

Green is concerned that if NIST doesn't select a winner this time, a future competition of this nature would not be met with the same level of enthusiasm from cryptographers.

"One place I absolutely agree with Bruce is that we should take our time transitioning from SHA2 to whichever function becomes SHA3," Green said. "But what's great about this competition is that we'll at least have something to transition to."

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?