On 04/23/2012 01:53 PM, David Adamson wrote:

Ahhh, I think it was a mistake to withdraw MD6. But Ron and his team
had dignity and set up higher mathematical standards than NIST (the
hash function to be provably secure against the differential
cryptanalysis).

If you know of actual weaknesses in NIST's cryptanalysis or attacks on
any of the finalists now is the time to let them know.

http://lists.randombit.net/pipermail/cryptography/2012-March/002690.html
"NIST requested community feedback before June 1, 2012 so that it can
be considered in the SHA-3 selection process. Feedback received after
the deadline, unless of very significant nature, may not impact the
final selection."

If you void the mathematically set up security margin of MD6 and
reduce the number of rounds from 168 down to 64, (with similar
artistic, cryptographer's experience and "trust me" arguments present
in other finalists) you will have a hash function that is faster than
SHA-2 and is definitively faster than 2 or 3 of the SHA-3 finalists

You're free to use such a function in your own protocols, but I doubt you'll find many other folks wanting to use it.

(I never understood why NIST picked up those 2 or 3 slower than SHA-2
candidates as finalists).

You might find this interesting:

http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/documents/Round2_Report_NISTIR_7764.pdf
"The announcement of the five SHA-3 finalists – BLAKE, Grøstl, JH,
Keccak and Skein marked the end of the second round of the SHA-3
competition. This report summarizes the evaluation criteria, the
selection process, the designs of the second-round candidates and the
published security and performance results for each."

- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to