Hey.
Not sure whether this has been pointed out / discussed here already (but
I guess Perry will reject my mail in case it has):
https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3
This makes NIST seem somehow like liars,... on the one hand they claim
to surprised by the alleged
On Mon, 2013-09-30 at 14:44 +, Viktor Dukhovni wrote:
If SHA-3 is going to be used, it needs to offer some advantages
over SHA-2. Good performance and built-in support for tree hashing
(ZFS, ...) are acceptable reasons to make the trade-off explained
on slides 34, 35 and 36 of:
Well I
On Tue, 2013-10-01 at 02:34 -0700, Ray Dillinger wrote:
What I don't understand here is why the process of selecting a
standard algorithm for cryptographic primitives is so highly focused
on speed.
We have machines that are fast enough now that while speed isn't a non
issue, it is no
On Tue, 2013-10-01 at 12:47 -0400, John Kelsey wrote:
The actual technical question is whether an across the board 128 bit
security level is sufficient for a hash function with a 256 bit
output. This weakens the proposed SHA3-256 relative to SHA256 in
preimage resistance, where SHA256 is
On Sat, 2013-10-05 at 12:18 -0700, james hughes wrote:
and the authors state that
You know why other people than the authors are doing cryptoanalysis on
algorithms? Simply because the authors may also oversee something in the
analysis of their own algorithm.
So while the argument the original
