On 04/22/2012 12:37 PM, Steven Bellovin wrote:
The question is not whether there should be a hash function significantly
faster than SHA-3, it's whether or not anyone knows how to do it.  NIST
wanted to stick with that goal, but there weren't enough (possibly
weren't any; I'm not sure) submissions that were also secure enough.

NIST specifically asked for and received functions with a variable number of rounds such that the security vs. performance tradeoff could be adjusted during (or after) the selection process.

So we could take any of the finalists and make them about 3x faster simply by cutting the number of rounds by a third. We could do that with SHA-2 as well. But the resulting function would not be considered sufficiently secure.

It may however make a nice non-cryptographic pseudorandom generator for statistical purposes. I did try some experiments with using reduced Skein in this way. ISTR it passing DieHarder at about 2 cycles/byte.

- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to