New cryptographic hash function not needed, Schneier says

Cryptographer Bruce Schneier says the upcoming SHA-3 cryptographic hash algorithm is not much better than the current one

As the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) prepares to announce the winner of its competition to find the next-generation cryptographic hash algorithm, renowned cryptographer Bruce Schneier doesn't think that a new hash function is needed at this time.

"It's probably too late for me to affect the final decision, but I am hoping for 'no award,'" Schneier said Monday in a blog post. "It's not that the new hash functions aren't any good, it's that we don't really need one."

Cryptographic hash functions have many applications in information security and are commonly used to verify data authenticity. Such functions convert a piece of information into a unique, fixed-length bit string, and should make it impossible for two different messages to result in the same string.

For example, user passwords are commonly stored in hashed form inside databases in order to prevent their exposure if the database is compromised. Every time a user attempts to authenticate against an application, a hash is computed for the password he supplies and is compared to the one already stored in the application's database.

NIST announced its public cryptographic hash algorithm competition in November 2007 with the goal of finding a new hash algorithm that would be standardized as a Federal Information Processing Standard (FIPS) called SHA-3 (Secure Hash Algorithm 3).

After five years and three selection rounds that reduced the number of candidates from 64 initially submitted functions to only five, NIST is expected to announce the winner sometime this year.

Schneier is part of the team of cryptographers who created Skein, a family of cryptographic hash functions that has been selected as one of the competition's five finalists.

The idea of standardizing a new hash function came in 2006, when it seemed like the SHA-2 family of functions wouldn't be secure for much longer because of new types of cryptanalysis, Schneier said.

"We didn't know how long the various SHA-2 variants would remain secure," the cryptographer said. "But it's 2012, and SHA-512 is still looking good."

Schneier also favors a "no award" decision at this time because, according to him, none of the SHA-3 final candidates is significantly better than the current standardized hash functions.

"Some are faster, but not orders of magnitude faster," Schneier said. "Some are smaller in hardware, but not orders of magnitude smaller."

"When SHA-3 is announced, I'm going to recommend that, unless the improvements are critical to their application, people stick with the tried and true SHA-512," the cryptographer said. "At least for a while."

"I'd say that the world could live without SHA-3, for SHA-1 and SHA-2 resisted cryptanalysis better than expected," said cryptographer Jean-Philippe Aumasson, who designed BLAKE, one of the other five SHA-3 finalist hash functions, Monday via email. "However, I often say that this is due to the 'denial of service attack' of SHA-3: these last years, most cryptanalysts focused on SHA-3 candidates, instead of SHA-1 or SHA-2."

Aumasson believes that SHA-3 will be more secure than SHA-2 in certain aspects and, if Skein or BLAKE will be chosen as a winner, it will also be noticeably faster on the latest desktop and server CPUs from Intel and AMD.

"All the five SHA-3 finalists are believed to satisfy the strongest theoretical security definition, unlike SHA-2," Aumasson said. "However, this does not undermine SHA-2's actual security when used properly."

The fact that the expected attacks against SHA-1 and SHA-2 never materialized is a good thing, but the cryptographic community shouldn't be complacent about it, Matthew D. Green, an assistant research professor who teaches cryptography at the Johns Hopkins Information Security Institute, said Monday via email.

"The point of this competition was not just to replace SHA2, but to develop a collection of new defensive techniques so that we can deal with attacks if they ever arrive," Green said. "And it was also intended to advance our knowledge in the area of hash function design. It's done a great job of that."

Green is concerned that if NIST doesn't select a winner this time, a future competition of this nature would not be met with the same level of enthusiasm from cryptographers.

"One place I absolutely agree with Bruce is that we should take our time transitioning from SHA2 to whichever function becomes SHA3," Green said. "But what's great about this competition is that we'll at least have something to transition to."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments





Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?