On 04/22/2012 12:37 PM, Steven Bellovin wrote:
The question is not whether there should be a hash function significantly faster than SHA-3, it's whether or not anyone knows how to do it. NIST wanted to stick with that goal, but there weren't enough (possibly weren't any; I'm not sure) submissions that were also secure enough.
NIST specifically asked for and received functions with a variable number of rounds such that the security vs. performance tradeoff could be adjusted during (or after) the selection process.
So we could take any of the finalists and make them about 3x faster simply by cutting the number of rounds by a third. We could do that with SHA-2 as well. But the resulting function would not be considered sufficiently secure.
It may however make a nice non-cryptographic pseudorandom generator for statistical purposes. I did try some experiments with using reduced Skein in this way. ISTR it passing DieHarder at about 2 cycles/byte.
- Marsh _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
