On 04/23/2012 01:53 PM, David Adamson wrote:
Ahhh, I think it was a mistake to withdraw MD6. But Ron and his team had dignity and set up higher mathematical standards than NIST (the hash function to be provably secure against the differential cryptanalysis).
If you know of actual weaknesses in NIST's cryptanalysis or attacks on any of the finalists now is the time to let them know. http://lists.randombit.net/pipermail/cryptography/2012-March/002690.html "NIST requested community feedback before June 1, 2012 so that it can be considered in the SHA-3 selection process. Feedback received after the deadline, unless of very significant nature, may not impact the final selection."
If you void the mathematically set up security margin of MD6 and reduce the number of rounds from 168 down to 64, (with similar artistic, cryptographer's experience and "trust me" arguments present in other finalists) you will have a hash function that is faster than SHA-2 and is definitively faster than 2 or 3 of the SHA-3 finalists
You're free to use such a function in your own protocols, but I doubt you'll find many other folks wanting to use it.
(I never understood why NIST picked up those 2 or 3 slower than SHA-2 candidates as finalists).
You might find this interesting:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/documents/Round2_Report_NISTIR_7764.pdf
"The announcement of the five SHA-3 finalists – BLAKE, Grøstl, JH, Keccak and Skein marked the end of the second round of the SHA-3 competition. This report summarizes the evaluation criteria, the selection process, the designs of the second-round candidates and the published security and performance results for each." - Marsh _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
