The problem created here is likely limited to perception. But that is still a big problem if the result is we end up having to contend with multiple national standards.
We need to think about protocol design in a different way and instead of asking if something is 'sufficient' look at multiple layers of protection that provide sufficient strength even with compromises of some components. Sent from my difference engine > On Oct 23, 2013, at 2:31 PM, Joseph Lorenzo Hall <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > >> On 10/23/13 11:31 AM, Stephen Kent wrote: >> >> >> I read Bruces's post at the cited URL. The developers of the alg >> replied: >> >> That does not seem consistent with "mysteriously changed." > > It is consistent... the process from a winning cryptographic algorithm > to NIST FIPS standardization is pretty murky, and if you follow the > hash-forum list at NIST, you'd see a lot of hue and cry about the > reduction in capacity of Keccak. Of course, now that the Keccak team > has weighed in, it appears that the eventual SHA-3 FIPS standard will > include one or more high-security modes. > > NIST appears to have learned from this that the standardization > process has to be equally as transparent as the > competition/cryptanalysis process. That's a very good thing. > > best, Joe > > - -- > Joseph Lorenzo Hall > Chief Technologist > Center for Democracy & Technology > 1634 I ST NW STE 1100 > Washington DC 20006-4011 > (p) 202-407-8825 > (f) 202-637-0968 > [email protected] > PGP: https://josephhall.org/gpg-key > fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8 > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.13 (Darwin) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEAREIAAYFAlJoFfAACgkQwOJtkPJXd/gbPgCeJfMqOD+LE6JyxEiv5T1Pzr3J > sv8AoIKcHCx6Ph3YAdUnYIkGBI0i4Kl0 > =Xecl > -----END PGP SIGNATURE----- > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
