On 5 October 2013 20:18, james hughes wrote:
> On Oct 5, 2013, at 12:00 PM, John Kelsey wrote:
>
>> http://keccak.noekeon.org/yes_this_is_keccak.html
>
> From the authors: "NIST's current proposal for SHA-3 is a subset of the
> Keccak family", "one can generate the test vectors for that proposal
On Sat, 2013-10-05 at 12:18 -0700, james hughes wrote:
> and the authors state that
You know why other people than the authors are doing cryptanalysis on
algorithms? Simply because the authors may also oversee something in the
analysis of their own algorithm.
So while the argument "the original a
On 2013-10-04 23:57, Phillip Hallam-Baker wrote:
Oh and it seems that someone has murdered the head of the IRG cyber
effort. I condemn it without qualification.
I endorse it without qualification. The IRG are bad guys and need
killing - all of them, every single one.
War is an honorable pro
One thing that seems clear to me: When you talk about algorithm flexibility in
a protocol or product, most people think you are talking about the ability to
add algorithms. Really, you are talking more about the ability to *remove*
algorithms. We still have stuff using MD5 and RC4 (and we'll
On Oct 5, 2013, at 2:00 PM, John Gilmore wrote:
>> b. There are low-end environments where performance really does
>> matter. Those often have rather different properties than other
>> environments--for example, RAM or ROM (for program code and S-boxes)
>> may be at a premium.
>
> Such environme
On Fri, Oct 4, 2013 at 11:20 AM, Ray Dillinger wrote:
> So, it seems that instead of AES256(key) the cipher in practice should be
> AES256(SHA256(key)).
More like: use a KDF and separate keys (obtained by applying a KDF to
a root key) for separate but related purposes.
For example, if you have a