Re: [Cryptography] Sha3

2013-10-06 Thread Ben Laurie
On 5 October 2013 20:18, james hughes hugh...@mac.com wrote: On Oct 5, 2013, at 12:00 PM, John Kelsey crypto@gmail.com wrote: http://keccak.noekeon.org/yes_this_is_keccak.html From the authors: NIST's current proposal for SHA-3 is a subset of the Keccak family, one can generate the test

Re: [Cryptography] Sha3

2013-10-06 Thread Christoph Anton Mitterer
On Sat, 2013-10-05 at 12:18 -0700, james hughes wrote: and the authors state that You know why other people than the authors are doing cryptanalysis on algorithms? Simply because the authors may also oversee something in the analysis of their own algorithm. So while the argument the original

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-06 Thread James A. Donald
On 2013-10-04 23:57, Phillip Hallam-Baker wrote: Oh and it seems that someone has murdered the head of the IRG cyber effort. I condemn it without qualification. I endorse it without qualification. The IRG are bad guys and need killing - all of them, every single one. War is an honorable

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-06 Thread John Kelsey
One thing that seems clear to me: When you talk about algorithm flexibility in a protocol or product, most people think you are talking about the ability to add algorithms. Really, you are talking more about the ability to *remove* algorithms. We still have stuff using MD5 and RC4 (and we'll

Re: [Cryptography] System level security in low end environments

2013-10-06 Thread Jerry Leichter
On Oct 5, 2013, at 2:00 PM, John Gilmore wrote: b. There are low-end environments where performance really does matter. Those often have rather different properties than other environments--for example, RAM or ROM (for program code and S-boxes) may be at a premium. Such environments are

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-06 Thread Nico Williams
On Fri, Oct 4, 2013 at 11:20 AM, Ray Dillinger b...@sonic.net wrote: So, it seems that instead of AES256(key) the cipher in practice should be AES256(SHA256(key)). More like: use a KDF and separate keys (obtained by applying a KDF to a root key) for separate but related purposes. For example,