At 9:30 PM +1300 1/25/07, Peter Gutmann wrote:
=?UTF-8?B?SXZhbiBLcnN0acSH?= <[EMAIL PROTECTED]> writes:
Perry E. Metzger wrote:

I'm completely unfamiliar with the way NIST operates, but I've been wondering
for years why they haven't organized this competition already. Do we have a
list veteran who can shed some light on why it took them this long? My
curiosity demands to know.

The AES competition was already a severe resource drain, running another one
for an AHS would have been prohibitive, until the clear signs that SHA was in
real trouble made it more palatable.

This is an incorrect interpretation, I believe. The NIST folks at the workshop said a few times that they were not worried about SHA-1 because they have already deprecated it beginning at the end of 2010. That leaves only SHA-2, in which they said they had sufficient confidence. Further, no one publicly expressed worry at the workshop that SHA-2 would have any significant breaks in the near future.

The dates on the competition timeline shows that AHS (cute name, Peter!) is not meant as a replacement for SHA-2, given that it won't be selected until after SHA-1 needs to stop being used.

--Paul Hoffman, Director
--VPN Consortium

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to