Yes, when the SHA-3 process was launched—in the exciting time when MD5
and SHA-1 had been dramatically shown to be weak—it seemed like we
were in danger of waking up one day and finding out that we had no
strong hash functions left. It was prudent to get started on SHA-3
ASAP in order to have an
But as SHA-2 is still a pure Merkle–Damgård construction it deviates
from an ideal pseudorandom function or random oracle in a couple of
ways.
Firstly, and most significantly, it is subject to length extension
attacks. This means that given a hash value of some secret message,
we can
http://h-online.com/-1498071
With a successor to Secure Hash Algorithm 2 (SHA-2) due to be crowned
in the summer, questions are being asked as to whether a new
cryptographic standard is really necessary. Hash functions, used to
calculate short numbers from large data sets to allow the
On 04/09/2012 07:00 AM, Jeffrey Walton wrote:
http://h-online.com/-1498071
none of the five finalists
are affected by known attacks on MD5, SHA-1 and SHA-2 and the
Merkle-Damgård construction on which all three are based.
Well, gee, isn't that enough?
True, one thing we've learned from the
On 10/04/12 02:40 AM, Marsh Ray wrote:
On 04/09/2012 07:00 AM, Jeffrey Walton wrote:
http://h-online.com/-1498071
none of the five finalists are affected by known attacks on MD5,
SHA-1 and SHA-2 and the Merkle-Damgård construction on which all
three are based.
Well, gee, isn't that enough?