


NIST Releases SHA-256, SHA-512 9
An Anonymous Coward writes: "The National Institute of Standards and Technology (NIST) has just released a series of cryptographic hash functions (SHA-256, SHA-384, SHA-512) to work with the new Advanced Encryption Standard. Of course, they must be secure since they're designed by our good friends at the NSA."
Good 'ole NSA: Not-very-good Security Agency (Score:1)
Give it a few months of peer review, then the cynics should settle down - unless the review gashes open NIST's credibility....
- NeuralAbyss
www.neuralabyss.com
Re:Cryptographic hashes (Score:1)
They're the NSA. Don't you trust them? Good lord. Next thing you'll make suggestions that Bill Clinton told lies.
Peer reviews (Score:1)
Did anyone ever find issues with SHA-160?
Re:I Dont trust the NSA (Score:1)
It's closed, proprietary implementations that I worry about. If the algorithm has a back door, there's a good chance someone will find it... if the source code has a back door, only serious hackers will have a shot at finding it... if you can't see the source, who do you trust?
The functions formerly known as SHA-xxx (Score:1)
(sp)
And while we're at it, can you imagine a Beowulf cluster of these?
Soon everyone will know everyone else's secrets.
Re:Peer reviews (Score:1)
Re:Cryptographic hashes (Score:1)
Despite this lack of evidence, how many commercial products will use this algorithm simply on the basis that it was designed by the NSA, so must be secure?
In essence, the NSAs reputation creates a certain trust that the algorithm will be secure. No evidence, other than the fact it was designed by the NSA is needed by many.
Cryptographic hashes (Score:2)
Remember that this is the same NSA who produced the original SHA, then made a small modification (SHA-1) to secure it against some attack which they wouldn't tell us about, and nobody outside the NSA has yet been able to work out what the problem actually was.
What gets me is that to qualify for AES, you had to provide (virtual) reams of documentation about the creators' attempts to break it, and with good reason. What did the NSA provide as evidence that their new hashes are secure?
The problem with SHA-0 was found. (Score:3)
As a cryptographer I *am* inclined to trust these hash functions. Designing a back door would essentially require inventing a whole new - and much faster - way of doing public key crypto, and then hiding it from the world. And a back door into a hash function isn't as much use as one into, say, a block cipher - though we now know that all the secret tweaks NSA did on DES were aimed at increasing its strength. SHA-1 has stood the test of time where other hash functions (MD5 for example) look shaky. I strongly suspect that these are good for the purposes advertised.
--