New cryptographic hash function not needed, Schneier says

Cryptographer Bruce Schneier says the upcoming SHA-3 cryptographic hash algorithm is not much better than the current one

As the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) prepares to announce the winner of its competition to find the next-generation cryptographic hash algorithm, renowned cryptographer Bruce Schneier doesn't think that a new hash function is needed at this time.

"It's probably too late for me to affect the final decision, but I am hoping for 'no award,'" Schneier said Monday in a blog post. "It's not that the new hash functions aren't any good, it's that we don't really need one."

Cryptographic hash functions have many applications in information security and are commonly used to verify data authenticity. Such functions convert a piece of information into a unique, fixed-length bit string, and should make it impossible for two different messages to result in the same string.

For example, user passwords are commonly stored in hashed form inside databases in order to prevent their exposure if the database is compromised. Every time a user attempts to authenticate against an application, a hash is computed for the password he supplies and is compared to the one already stored in the application's database.

NIST announced its public cryptographic hash algorithm competition in November 2007 with the goal of finding a new hash algorithm that would be standardized as a Federal Information Processing Standard (FIPS) called SHA-3 (Secure Hash Algorithm 3).

After five years and three selection rounds that reduced the number of candidates from 64 initially submitted functions to only five, NIST is expected to announce the winner sometime this year.

Schneier is part of the team of cryptographers who created Skein, a family of cryptographic hash functions that has been selected as one of the competition's five finalists.

The idea of standardizing a new hash function came in 2006, when it seemed like the SHA-2 family of functions wouldn't be secure for much longer because of new types of cryptanalysis, Schneier said.

"We didn't know how long the various SHA-2 variants would remain secure," the cryptographer said. "But it's 2012, and SHA-512 is still looking good."

Schneier also favors a "no award" decision at this time because, according to him, none of the SHA-3 final candidates is significantly better than the current standardized hash functions.

"Some are faster, but not orders of magnitude faster," Schneier said. "Some are smaller in hardware, but not orders of magnitude smaller."

"When SHA-3 is announced, I'm going to recommend that, unless the improvements are critical to their application, people stick with the tried and true SHA-512," the cryptographer said. "At least for a while."

"I'd say that the world could live without SHA-3, for SHA-1 and SHA-2 resisted cryptanalysis better than expected," said cryptographer Jean-Philippe Aumasson, who designed BLAKE, one of the other five SHA-3 finalist hash functions, Monday via email. "However, I often say that this is due to the 'denial of service attack' of SHA-3: these last years, most cryptanalysts focused on SHA-3 candidates, instead of SHA-1 or SHA-2."

Aumasson believes that SHA-3 will be more secure than SHA-2 in certain aspects and, if Skein or BLAKE will be chosen as a winner, it will also be noticeably faster on the latest desktop and server CPUs from Intel and AMD.

"All the five SHA-3 finalists are believed to satisfy the strongest theoretical security definition, unlike SHA-2," Aumasson said. "However, this does not undermine SHA-2's actual security when used properly."

The fact that the expected attacks against SHA-1 and SHA-2 never materialized is a good thing, but the cryptographic community shouldn't be complacent about it, Matthew D. Green, an assistant research professor who teaches cryptography at the Johns Hopkins Information Security Institute, said Monday via email.

"The point of this competition was not just to replace SHA2, but to develop a collection of new defensive techniques so that we can deal with attacks if they ever arrive," Green said. "And it was also intended to advance our knowledge in the area of hash function design. It's done a great job of that."

Green is concerned that if NIST doesn't select a winner this time, a future competition of this nature would not be met with the same level of enthusiasm from cryptographers.

"One place I absolutely agree with Bruce is that we should take our time transitioning from SHA2 to whichever function becomes SHA3," Green said. "But what's great about this competition is that we'll at least have something to transition to."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?