Re: MD6 withdrawn from SHA-3 competition

2009-07-07 Thread Chen Ke-Fei Lin
At 10:39 AM -0700 7/4/09, Hal Finney wrote: But how many other hash function candidates would also be excluded if such a stringent criterion were applied? Or turning it around, if NIST demanded a proof of immunity to differential attacks as Rivest proposed, how many candidates have offered such a

Re: MD6 withdrawn from SHA-3 competition

2009-07-07 Thread Josh Rubin
Paul Hoffman wrote: At 10:39 AM -0700 7/4/09, Hal Finney wrote: But how many other hash function candidates would also be excluded if such a stringent criterion were applied? Or turning it around, if NIST demanded a proof of immunity to differential attacks as Rivest proposed, how many

Re: MD6 withdrawn from SHA-3 competition

2009-07-06 Thread Paul Hoffman
At 10:39 AM -0700 7/4/09, Hal Finney wrote: But how many other hash function candidates would also be excluded if such a stringent criterion were applied? Or turning it around, if NIST demanded a proof of immunity to differential attacks as Rivest proposed, how many candidates have offered such a

Re: MD6 withdrawn from SHA-3 competition

2009-07-06 Thread Ray Dillinger
On Sat, 2009-07-04 at 10:39 -0700, Hal Finney wrote: Rivest: Thus, while MD6 appears to be a robust and secure cryptographic hash algorithm, and has much merit for multi-core processors, our inability to provide a proof of security for a reduced-round (and possibly

Re: MD6 withdrawn from SHA-3 competition

2009-07-05 Thread Paul Hoffman
At 11:49 PM -0400 7/3/09, Steven M. Bellovin wrote: Here's the essential paragraph: Thus, while MD6 appears to be a robust and secure cryptographic hash algorithm, and has much merit for multi-core processors, our inability to provide a proof of security for a

Re: MD6 withdrawn from SHA-3 competition

2009-07-05 Thread Hal Finney
Rivest: Thus, while MD6 appears to be a robust and secure cryptographic hash algorithm, and has much merit for multi-core processors, our inability to provide a proof of security for a reduced-round (and possibly tweaked) version of MD6 against differential

Re: MD6 withdrawn from SHA-3 competition

2009-07-04 Thread Steven M. Bellovin
On Thu, 2 Jul 2009 20:51:47 -0700 Joseph Ashwood ashw...@msn.com wrote: -- Sent: Wednesday, July 01, 2009 4:05 PM Subject: MD6 withdrawn from SHA-3 competition Also from Bruce Schneier, a report that MD6 was withdrawn from the SHA-3

Re: MD6 withdrawn from SHA-3 competition

2009-07-04 Thread Brandon Enright
On Thu, 2 Jul 2009 20:51:47 -0700 or thereabouts Joseph Ashwood ashw...@msn.com wrote: Sent: Wednesday, July 01, 2009 4:05 PM Subject: MD6 withdrawn from SHA-3 competition Also from Bruce Schneier, a report that MD6 was withdrawn from the SHA-3 competition because of performance

Re: MD6 withdrawn from SHA-3 competition

2009-07-03 Thread Joseph Ashwood
-- Sent: Wednesday, July 01, 2009 4:05 PM Subject: MD6 withdrawn from SHA-3 competition Also from Bruce Schneier, a report that MD6 was withdrawn from the SHA-3 competition because of performance considerations. I find this disappointing. With