Hello, вт, 9 июн. 2020 г. в 19:53, Niels Möller <[email protected]>: > > Dmitry Baryshkov <[email protected]> writes: > > > Add documentation describing Streebog hash function and it's API. > > Is there any consensus on the cryptographic strength and general quality > of streebog? I wonder if it really should go in the section "Recommended > hash functions" with SHA2 and SHA3, or in the "Legacy hash functions" > section.
I wouldn't call it legacy (since it is an actual standard). What about adding the "Other hash functions" section? It can further receive algorithms such as SM3 (if somebody submits it)? > The wikipedia page > (https://en.wikipedia.org/wiki/Streebog#Cryptanalysis) says > > In 2015 Birykov, Perrin and Udovenko reverse engineered the > unpublished S-box generation structure (which was earlier claimed to > be generated randomly) and concluded that the underlying components > are cryptographically weak. > > referring to https://eprint.iacr.org/2016/071. Yes, this is interesting research which has raised a lot of controversion here. However it did not result in demonstration of theoretical or practical weakness of such constructions. > And https://en.wikipedia.org/wiki/Hash_function_security_summary lists a > "theoretical" preimage attack on the full hash function, referencing > https://eprint.iacr.org/2014/675. -- With best wishes Dmitry _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
