
Schneier On the US Crypto Competition

kdawson posted more than 7 years ago | from the ante-up dept.

Encryption 58

Bruce Schneier has a commentary in Wired titled An American Idol for Crypto Geeks on the US government's competition for a new cryptographic hash function to become the national standard, covered here recently. He talks about how much the competition, slated to wrap up by 2011, will advance the cryptographic state of the art. And how much fun he expects to have.


58 comments


Terrorists?? (5, Funny)

MrShaggy (683273) | more than 7 years ago | (#17981562)

But I though that it was only terrorists that use encryption??

Re:Terrorists?? (1, Funny)

Anonymous Coward | more than 7 years ago | (#17981592)

Don't worry son. I'm sure they'll get to him anytime now.

Re:Terrorists?? (0)

Anonymous Coward | more than 7 years ago | (#17981618)

"US government's competition for a new cryptographic hash function to become the national standard"

you are correct :)

Re:Terrorists?? (2, Informative)

darkhitman (939662) | more than 7 years ago | (#17981640)

Encryption is not the same as hashing.

Damn terrorists!

Re:Terrorists?? (1)

skintigh2 (456496) | more than 7 years ago | (#17989488)

Back in my day, it was only pedophiles and drug runners that used encryption. Oh, how times and emotionally manipulative FUD have changed.

Well... (0, Redundant)

tomstdenis (446163) | more than 7 years ago | (#17981630)

I'm glad that Bruce has an opinion about this. Good lord, I don't know how I would make it through monday without hearing what Bruce thinks about something.

NEXT!

Tom

Donald Rumsfeld is the early favourite (2, Funny)

Timesprout (579035) | more than 7 years ago | (#17981634)

After submitting some of his more cryptic speeches.

Re:Donald Rumsfeld is the early favourite (1)

ErikTheRed (162431) | more than 7 years ago | (#17990816)

After submitting some of his more cryptic speeches.
Well, SHA's not a cipher... but considering the hash [reference.com] (see def #7) Rumsfeld & co made in Iraq....

tasty (1, Funny)

qwertphobia (825473) | more than 7 years ago | (#17981672)

mmm.... hash browns

American Idol? (3, Funny)

CerebusUS (21051) | more than 7 years ago | (#17981730)

Please, oh please oh please don't let there be a William Hung [williamhung.net] to spring from this.

Re:American Idol? (1)

Darth_brooks (180756) | more than 7 years ago | (#17982596)

C'mon, You know you wanna hear someone do "She !'s, She !'s"

Re:American Idol? (0)

Anonymous Coward | more than 7 years ago | (#17984590)

C'mon, You know you wanna hear someone do "She !'s, She !'s"

Oh baby and she mv's! She mv's!

Re:American Idol? (2, Funny)

forkazoo (138186) | more than 7 years ago | (#17983214)

Please, oh please oh please don't let there be a William Hung to spring from this.


Maybe this guy should submit his work. He'd be right about on William Hung's level of competitiveness....
http://xkcd.com/c153.html [xkcd.com]

Re:American Idol? (1)

CerebusUS (21051) | more than 7 years ago | (#17983494)

Ha! I love that guy.

Re:American Idol? (1)

h4rm0ny (722443) | more than 7 years ago | (#17986892)


Wow! Thank you. I'd never seen that series before. I love it! It's mathematical and yet so sweet!

Re:American Idol? (1)

strider44 (650833) | more than 7 years ago | (#17989858)

Alright, I love XKCD but I've got to ask someone for an explanation for that specific comic - I've never listened to Missy Elliot.

Re:American Idol? (1)

CerebusUS (21051) | more than 7 years ago | (#17990920)

Missy Elliot's Work It lyrics:

This is a Missy Elliott one-time exclusive (Come on)

Is it worth it, let me work it
I put my thang down, flip it and reverse it
I put my thang down, flip it and reverse it


I'm not a huge rap fan, but I generally dig her stuff.

Re:American Idol? (0)

Anonymous Coward | more than 7 years ago | (#17983436)

oh come on the Hung Algorithm:

typedef unsigned char byte;   // 8-bit byte, so every value wraps mod 256

byte *HungEncrypt(byte *data, int len)
{
    byte *output = new byte[len];

    // Adding 256 to an 8-bit value wraps around to the same value,
    // so the "ciphertext" is a byte-for-byte copy of the plaintext.
    for (int x = 0; x < len; x++)
        output[x] = data[x] + 256;

    return output;   // caller must delete[] the result
}

Re:American Idol? (0)

Anonymous Coward | more than 7 years ago | (#17983594)

Please, oh please oh please don't let there be a William Hung to spring from this.
Rot13 Rot13, oh baby.
Rot13 Rot13, drive me crazy.

Fun ??? (3, Funny)

jfbus (584847) | more than 7 years ago | (#17981746)

And how much fun he expects to have.
Sometimes, I wonder whether we live in the same world...

Re:Fun ??? (4, Funny)

realnowhereman (263389) | more than 7 years ago | (#17982012)

Repeat after me. It's okay. This is a site for geeks. I don't have to pretend to be cool here. Being interested in encryption does not make me a bad person. I am not in high school any more.

Re:Fun ??? (1)

gkhan1 (886823) | more than 7 years ago | (#17982382)

You just gave me a flashback of me studying the DES standard during breaks and people looking weirdly at me. You know, "Look, these S-boxes are so cool!".

It was nice to impress people by cracking some simple ciphers though. That didn't last long, however....

Re:Fun ??? (1)

Goaway (82658) | more than 7 years ago | (#17982286)

Yes, obviously intellectual exercise is always dull and boring. Who the hell wants to THINK when you could WATCH TV?

Re:Fun ??? (1)

An ominous Cow art (320322) | more than 7 years ago | (#17984752)

Don't think of it as 'American Idol', think of it as 'American 0x000001D0L'.

SHA-256? (2, Interesting)

Bromskloss (750445) | more than 7 years ago | (#17981768)

What about SHA-512?

Re:SHA-256? (3, Interesting)

Phleg (523632) | more than 7 years ago | (#17981820)

It uses a word size of 64 bits, so is not as fast on 32-bit computers. Also, I believe it's received less scrutiny than SHA-256. IANAC.

Re:SHA-256? (2, Insightful)

kestasjk (933987) | more than 7 years ago | (#17982628)

Also it's still based on the SHA-1 algorithm that was "broken".
For practical purposes even SHA-1 is still reasonably safe, but it'd be best to learn from the cryptanalysis and research of almost two decades if we're going to make everyone change their hashing algorithm anyway.

Re:SHA-256? (1)

Chandon Seldon (43083) | more than 7 years ago | (#17988202)

For practical purposes even SHA-1 is still reasonably safe.

That's a very dangerous statement. It can be much easier to extend theoretical attacks into practical attacks than you might think. Cryptographic algorithms only provide any security at all because they are supposed to have specific mathematical properties. SHA-1 doesn't have the ones it's supposed to.

Re:SHA-256? (0)

Anonymous Coward | more than 7 years ago | (#17981834)

There should be a SHA-8196.

Re:SHA-256? (0, Funny)

Anonymous Coward | more than 7 years ago | (#17981908)

LOL! No you newb there should be a SHA-1337 cuz I'm so 313373 lolz rolfm!

AC FTW!

Re:SHA-256? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17982114)

But this one goes to 11...

Re:SHA-256? (5, Insightful)

archen (447353) | more than 7 years ago | (#17982152)

If your algorithm is showing weaknesses, then throwing more bits at the problem is best reserved as a temporary solution. At the worst this competition will just give us an alternative hash algorithm, and that is probably reason enough to have it.

Re:SHA-256? (1)

Library Spoff (582122) | more than 7 years ago | (#17983950)

off topic(ish) but...

So what option should I be using in Truecrypt for my partition that i've got encrypted?
I'm using the default out the box encryption -can't remember what off the top of my head, i'm at work.

I'm not bothered about the government breaking it - it contains banking information and other stuff they could get at anyway, Just yer average cr/hacker.

My pc is a dualcore Athlon64 with 2 gig of ram if that makes a difference.

 

Re:SHA-256? (1)

draziw (7737) | more than 7 years ago | (#17984358)

Select Tools->Benchmark, and run with one that is fastest on your system. :) - For protection from citizens, any of them will do fine for many years.

Re:SHA-256? (1)

DarthTaco (687646) | more than 7 years ago | (#17985940)

"If your algorithm is showing weaknesses, then throwing more bits at the problem is best reserved as a temporary solution."

All cryptographic solutions are temporary.

Re:SHA-256? (1)

Chandon Seldon (43083) | more than 7 years ago | (#17988152)

All cryptographic solutions are temporary.

I'm not sure where this idea comes from, but it's largely false.

You hear a lot about cryptographic breaks because they make good news on Slashdot, but the fact of the matter is that if you encrypted something in 1978 using 3-DES it'd still be 100% secure today. If you encrypt something today using a secure 256-bit symmetric key encryption algorithm it will remain secure forever unless something really unexpected happens in computing (and no, quantum computers aren't unexpected enough).

Now, we don't yet have a good enough understanding of the math behind encryption to prove that a given algorithm is secure, so someone could always discover a serious design fuckup and crack an algorithm. That happens pretty rarely with major algorithms. We understand cryptographic hash algorithms even less than symmetric key encryption algorithms... that's why MD5 and SHA1 got cracked, and why this hash contest is really valuable.

I can't say that our crypto is secure, but I can say that it's not "temporarily secure". If it's broken, it will be because of a design flaw, not because computers got faster.

They're asking to find unSHA func or bigger word bit (3, Interesting)

rogtioko (1024857) | more than 7 years ago | (#17982868)

NIST is either looking for an entirely revolutionary function to the SHA series, considering the emphasis that SHA-1 has been around since 1995, or seeking a function that supplies words greater than 64 bits and also but albeit distantly 256 bits and higher to counter higher chunk rate processors. If they're looking for something different than SHA, here are factors they are considering: the fact that all the SHA hashes after SHA-1 use part, maybe all, of SHA-1's 4 functions and vary only by the function's output word bit size, which SHA-256 and SHA-384-512 change with summation functions into the mix. For example, here are SHA-1's functions

$$
f_t(x,y,z) =
\begin{cases}
\mathrm{Ch}(x,y,z) = (x \wedge y) \oplus (\neg x \wedge z) & 0 \le t \le 19 \\
\mathrm{Parity}(x,y,z) = x \oplus y \oplus z & 20 \le t \le 39 \\
\mathrm{Maj}(x,y,z) = (x \wedge y) \oplus (x \wedge z) \oplus (y \wedge z) & 40 \le t \le 59 \\
\mathrm{Parity}(x,y,z) = x \oplus y \oplus z & 60 \le t \le 79
\end{cases}
\qquad (4.1)
$$

and SHA-384 and SHA-512 functions

$$\mathrm{Ch}(x,y,z) = (x \wedge y) \oplus (\neg x \wedge z) \qquad (4.8)$$

$$\mathrm{Maj}(x,y,z) = (x \wedge y) \oplus (x \wedge z) \oplus (y \wedge z) \qquad (4.9)$$

$$\Sigma_0^{\{512\}}(x) = \mathrm{ROTR}^{28}(x) \oplus \mathrm{ROTR}^{34}(x) \oplus \mathrm{ROTR}^{39}(x) \qquad (4.10)$$

$$\Sigma_1^{\{512\}}(x) = \mathrm{ROTR}^{14}(x) \oplus \mathrm{ROTR}^{18}(x) \oplus \mathrm{ROTR}^{41}(x) \qquad (4.11)$$

$$\sigma_0^{\{512\}}(x) = \mathrm{ROTR}^{1}(x) \oplus \mathrm{ROTR}^{8}(x) \oplus \mathrm{SHR}^{7}(x) \qquad (4.12)$$

$$\sigma_1^{\{512\}}(x) = \mathrm{ROTR}^{19}(x) \oplus \mathrm{ROTR}^{61}(x) \oplus \mathrm{SHR}^{6}(x) \qquad (4.13)$$
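To make the functions in the comment above concrete, here is an added example (not the commenter's code, and not NIST's reference code) that plugs equations (4.8) to (4.13) into the SHA-512 message schedule and compression loop from FIPS 180-2, with the round constants derived from prime cube roots rather than hard-coded, and cross-checks the result against Python's hashlib:

```python
import hashlib
import math
import struct

M64 = (1 << 64) - 1  # mask to 64-bit words

# ROTR^n(x) rotates a 64-bit word right by n; SHR^n is a plain right shift
def rotr(x, n): return ((x >> n) | (x << (64 - n))) & M64

# Round functions (4.8)-(4.13) from the comment above, 512-bit word size
def ch(x, y, z): return (x & y) ^ ((~x & M64) & z)                  # (4.8)
def maj(x, y, z): return (x & y) ^ (x & z) ^ (y & z)                # (4.9)
def big_sigma0(x): return rotr(x, 28) ^ rotr(x, 34) ^ rotr(x, 39)   # (4.10)
def big_sigma1(x): return rotr(x, 14) ^ rotr(x, 18) ^ rotr(x, 41)   # (4.11)
def small_sigma0(x): return rotr(x, 1) ^ rotr(x, 8) ^ (x >> 7)      # (4.12)
def small_sigma1(x): return rotr(x, 19) ^ rotr(x, 61) ^ (x >> 6)    # (4.13)

def _icbrt(n):  # floor of the integer cube root, by Newton's method
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y

def _primes(count):  # first `count` primes by trial division
    ps, c = [], 2
    while len(ps) < count:
        if all(c % p for p in ps):
            ps.append(c)
        c += 1
    return ps

# K_t: first 64 fractional bits of the cube roots of the first 80 primes;
# H0:  first 64 fractional bits of the square roots of the first 8 primes
K = [_icbrt(p << 192) & M64 for p in _primes(80)]
H0 = [math.isqrt(p << 128) & M64 for p in _primes(8)]

def sha512(msg: bytes) -> bytes:
    # Pad: 0x80, zeros up to 112 mod 128, then the 128-bit big-endian bit length
    msg += b"\x80" + b"\x00" * ((111 - len(msg)) % 128) + struct.pack(">QQ", 0, len(msg) * 8)
    h = list(H0)
    for off in range(0, len(msg), 128):
        w = list(struct.unpack(">16Q", msg[off:off + 128]))
        for t in range(16, 80):  # message schedule uses the small sigmas
            w.append((small_sigma1(w[t - 2]) + w[t - 7] + small_sigma0(w[t - 15]) + w[t - 16]) & M64)
        a, b, c, d, e, f, g, hh = h
        for t in range(80):      # 80 rounds using Ch, Maj and the big sigmas
            t1 = (hh + big_sigma1(e) + ch(e, f, g) + K[t] + w[t]) & M64
            t2 = (big_sigma0(a) + maj(a, b, c)) & M64
            a, b, c, d, e, f, g, hh = (t1 + t2) & M64, a, b, c, (d + t1) & M64, e, f, g
        h = [(x + y) & M64 for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return struct.pack(">8Q", *h)

def matches_hashlib(msg: bytes) -> bool:  # cross-check against the stdlib
    return sha512(msg) == hashlib.sha512(msg).digest()
```

The SHA-1 round function f_t from (4.1) is the same Ch/Maj pair plus Parity selected by round index; the SHA-512 design instead fixes Ch and Maj and moves the diffusion into the Sigma rotations.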

That man gets everywhere (4, Funny)

hawkinspeter (831501) | more than 7 years ago | (#17981844)

Re:That man gets everywhere (0)

Anonymous Coward | more than 7 years ago | (#17994024)

Bruce Schneier knows you are reading this.

Whirlpool (1)

rumplet (1034332) | more than 7 years ago | (#17981884)

But I guess that's out since it's patent free.

Re:Whirlpool (3, Informative)

MostAwesomeDude (980382) | more than 7 years ago | (#17982224)

The patents (or lack thereof) have not had effects on cryptography endorsements before. One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions. One common use is for LUKS or Truecrypt hard drive encryption, and another is in BSD password hashes (the idea being that it takes the cipher about two seconds to reset itself internally each time a password is guessed, and so even with the ciphertext, the password takes a longer time to crack.)

Re:Whirlpool (0)

Anonymous Coward | more than 7 years ago | (#17982654)

Blowfish wasn't ever an AES candidate, it's not compliant with much of the AES criteria. Twofish was the AES candidate from that group.

Re:Whirlpool (2, Informative)

Ckwop (707653) | more than 7 years ago | (#17983110)

The patents (or lack thereof) have not had effects on cryptography endorsements before.

Yes they have. In particular the AES competition required that submitters adhere to certain restrictions [aes.org] regarding patents.

One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions.

Blowfish was never an AES candidate [quadibloc.com]

.. Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions.

I'm not even sure what you mean here. On the whole, a slow key-schedule is a bad idea. You want your key schedule to be as fast as possible. The reason for this is that a fast key-schedule means you can target more platforms with the cipher (such as smart cards et al).

If you want to slow down dictionary attacks there are better ways to do this. Repeatedly hashing the passphrase is more sensible since the number of hashes can be scaled to the platform speed. Stopping a brute-force of a smart card is a world different to brute-force of a PGP disk.

Blowfish on the whole is a poor design. Now that we have AES I would recommend that over anything else.

Simon
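The point Simon makes about scaling the number of hash iterations to the platform, as an added example that is not from the post: a small calibration that times a fixed PBKDF2 probe and picks an iteration count for a chosen per-guess cost, then derives and verifies a key with that count. The target cost and salt are constructed values, and in practice the salt and iteration count are stored next to the derived key so the work factor can be raised later.

```python
import hashlib
import hmac
import os
import time

TARGET_SECONDS = 0.05  # constructed: wall-clock cost we want each guess to carry
PROBE_ITERATIONS = 10_000

def calibrate_iterations(target_seconds=TARGET_SECONDS, probe=PROBE_ITERATIONS):
    # Time a fixed probe on this machine, then scale to the target cost.
    # Never go below the probe count, so a fast box still pays a floor.
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"probe-salt", probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe, int(probe * target_seconds / elapsed))

def derive_key(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    # Iterated HMAC-SHA256 (PBKDF2); cost is linear in `iterations`
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=32)

def verify(passphrase: bytes, salt: bytes, iterations: int, expected: bytes) -> bool:
    # Constant-time comparison so timing does not leak matching prefixes
    return hmac.compare_digest(derive_key(passphrase, salt, iterations), expected)

def demo():
    salt = os.urandom(16)
    n = calibrate_iterations()
    key = derive_key(b"correct horse", salt, n)
    return n, verify(b"correct horse", salt, n, key), verify(b"wrong", salt, n, key)
```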

Re:Whirlpool (1)

iabervon (1971) | more than 7 years ago | (#17985300)

IIRC, the algorithm the same group chose for AES was patent-free. This was despite some people wanting them to choose a patented algorithm because the contest requirements included that the winner would have to license any necessary patents to everyone for free. So choosing a patented algorithm would have meant that you and I could use one more AES-finalist-quality algorithm.

I Win! (2, Funny)

lottameez (816335) | more than 7 years ago | (#17982264)

73 32 76 105 110 33

Re:I Win! (2)

LordP (96602) | more than 7 years ago | (#17989256)

Nooo... 4 8 15 16 23 42

Re:I Win! (0)

Anonymous Coward | more than 7 years ago | (#17991538)

'I Lin!' ? I don't get it.

Re:I Win! (1)

gkhan1 (886823) | more than 7 years ago | (#18003566)

447564652C207468617420776F756C64206861766520626565 6E207761792066756E6E69657220696620796F75206861646E 2774206D65737365642075702074686520617363696900

I've got the solution!! (1)

JimXugle (921609) | more than 7 years ago | (#17982782)

[ASCII text in Binary string] + 1

It's so simple that it might just work!

Re:I've got the solution!! (0)

Anonymous Coward | more than 7 years ago | (#17983036)

That's amazing! I've got the same combination on my luggage!

Re:I've got the solution!! (1)

fuego451 (958976) | more than 7 years ago | (#17984780)

Funny. I was thinking md5sum-1.

Re:I've got the solution!! (1)

DamnStupidElf (649844) | more than 7 years ago | (#17986058)

[ASCII text in Binary string] + 1

It's so simple that it might just work!


J think you're right! (this message hashed)

Bruce could take the Simon Cowell role... (2, Funny)

mutterc (828335) | more than 7 years ago | (#17984640)

... insulting the inferior entries.

(Search his site for "The Doghouse" for some smackdowns of snake-oil crypto products.)


The NSA's entry.... (1)

slcdb (317433) | more than 7 years ago | (#17986406)

I heard the NSA is entering a new hash algorithm, named AYBABTU, into the competition. Interestingly, reverse engineering of the algorithm has shown it to be very similar to an algorithm, tentatively named Eksore, that was submitted to the contest by a local Junior High cryptography team.

Fine. So where is sha2sum ? (0)

Anonymous Coward | more than 7 years ago | (#17986744)

Just did a quick search on google and I couldn't find anything regarding sha2sum... it ain't part of coreutils... So, how do we use SHA-256/512 on Linux ?

i for one, (1)

stupidsocialscientis (689586) | more than 7 years ago | (#17991366)

cpx up pvs fodszqujpo pwfsmpstet!

Re:i for one, (1)

mbessey (304651) | more than 7 years ago | (#17994274)

QNS-27 dmbqxoshnm, dg? H khjd hs. Ax sgd vzx, xnt lhrodkkdc "Nudqknqcr"