The major NIST crypto standards are the result of solicitations that are
open to the world, at least in the recent past. AES was developed by two
Belgians. SHA-3 is the result of work by more Belgians.
Should we infer that NSA co-opted these Belgian crypto experts?

Rijndael was accepted unchanged as AES. That's why, as part of everything,
people still trust it.
Keccak however, is being mysteriously changed in the SHA-3 process, which is
not inspiring confidence in the process:
https://www.schneier.com/blog/archives/2013/10/will_keccak_sha-3.html

I read Bruce's post at the cited URL. The developers of the alg replied:

EDITED TO ADD (10/5): It's worth reading the response from the Keccak
team on this issue.

I misspoke when I wrote that NIST made "internal changes" to the
algorithm. That was sloppy of me.

The Keccak permutation remains unchanged. What NIST proposed was reducing
the hash function's capacity in the name of performance. One of Keccak's
nice features is that it's highly tunable.

I do not believe that the NIST changes were suggested by the NSA. Nor do
I believe that the changes make the algorithm easier to break by the NSA.
I believe NIST made the changes in good faith, and the result is a better
security/performance trade-off. My problem with the changes isn't
cryptographic, it's perceptual. There is so little trust in the NSA right
now, and that mistrust is reflecting on NIST. I worry that the changed
algorithm won't be accepted by an understandably skeptical security
community, and that no one will use SHA-3 as a result.

That does not seem consistent with "mysteriously changed."
Steve