Bruce “@schneierblog” Schneier had an interesting blog post yesterday for those who are deep into crypto, especially with the upcoming announcement of the SHA-3 winner. The competition is down to five finalists, and one is Bruce’s own Skein. The interesting thing is that he hopes the announcement is “no award.” You see … he feels none of the contenders are really any better than the tried and true SHA-2 512-bit version. He writes:
NIST is about to announce the new hash algorithm that will become SHA-3. This is the result of a six-year competition, and my own Skein is one of the five remaining finalists (out of an initial 64).
It’s probably too late for me to affect the final decision, but I am hoping for “no award.”
It’s not that the new hash functions aren’t any good, it’s that we don’t really need one. When we started this process back in 2006, it looked as if we would be needing a new hash function soon. The SHA family (which is really part of the MD4 and MD5 family) was under increasing pressure from new types of cryptanalysis. We didn’t know how long the various SHA-2 variants would remain secure. But it’s 2012, and SHA-512 is still looking good.
Even worse, none of the SHA-3 candidates is significantly better. Some are faster, but not orders of magnitude faster. Some are smaller in hardware, but not orders of magnitude smaller. When SHA-3 is announced, I’m going to recommend that, unless the improvements are critical to their application, people stick with the tried and true SHA-512. At least for a while.
Do you have any thoughts on who should win this competition? Post your comments below. Today’s post pic is from CliveCouldwell.Wordpress.com.