Still here. Work. Read. Work. Read.
-
Cool, cool, cool. The deadline for the NIST hash competition submissions was Halloween 2008 (2008-10-31), and a tally of the received submissions (64!) has now been provided via the hash mailing list.
Date: Wed, 5 Nov 2008 17:02:07 -0500
From: Shu-jen Chang
To: Multiple recipients of list
Subject: Submission tally
> Do we know how many submissions were made??
We have received 64 submissions, but not all of these are “complete and proper”. As soon as we are ready to make the determination for all the submissions, we will post the first round candidates on our web site.
Thanks,
Shu-jen
Update: The list of first round candidates has now been published by NIST. Of the 64 submissions, 51 qualified for the first round!
And, a conference has been announced.
The First SHA-3 Candidate Conference will be held at K.U. Leuven, Belgium, following the 16th International Workshop on Fast Software Encryption (FSE 2009) which is scheduled for February 22-25, 2009. The purpose of the SHA-3 Conference is to allow the submitters of the first round candidates to present their algorithms, and for NIST to discuss the way forward with the competition.
Update: The conference program has been posted.
While we wait for NIST to release a list of first round candidates, there is an attempt to aggregate the known submissions here.
The SHA-3 Zoo is a collection of cryptographic hash functions (in alphabetical order) submitted to the SHA-3 contest. Its aim is to provide an overview of design and cryptanalysis of all submissions. For a performance-related overview, see eBASH.
Somewhat related…
FIPS 180-3 has been released.
The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 180-3, Secure Hash Standard (SHS), a revision of FIPS 180-2. The Federal Register Notice (FRN) of the approval is available here. [...]
The changes are listed here.
[...] Some technical information in FIPS 180-2 about the security of the hash algorithms may no longer be accurate, as shown by recent research results, and it is possible that further research may indicate additional changes. Therefore, the technical information has been removed from the revised standard, and will be provided in Special Publications (SPs) 800-107 and 800-57, which can be updated in a timely fashion as the technical conditions change.
And a draft of SP800-57 Part 3 is now out for public comment.
NIST announces the release of a draft of Part 3 of Special Publication 800-57, Recommendation for Key Management: Application-Specific Key Management Guidance. This Recommendation provides guidance when using the cryptographic features of current systems. It is intended to help system administrators and system installers adequately secure applications based on product availability and organizational needs, and to support organizational decisions about future procurements. [...]
Collisions have been found in EnRUPT, taking it out of the SHA-3 competition, since tweaks or corrections will be allowed only for the 5 finalists.
Update: Or not. Just the EnRUPT/4 variant has been slain.
After studying Sebastiaan’s linearization attack in detail, we have come to the conclusion that EnRUPT does not require any structural changes, corrections or tweaks and that its dismissal is more than premature. It is only a matter of setting the ‘s’ parameter to a slightly higher value increasing the amount of diffusion in the state between inputs.
And, SP800-108 has been released.
November 6, 2008
The National Institute of Standards and Technology (NIST) is pleased to announce the release of Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions. [...]
-
More cool, cool, cool. Since my last post way back when, the Petname Tool (mentioned here) has been updated to be compatible with Firefox 3.
Secure web sites identify themselves using cryptography. In a phishing attack, a thief tries to impersonate such a site by omitting the cryptographic identification, or using one that’s confusingly similar.
The Petname Tool can help you keep track of these cryptographic identifiers by letting you attach reminder notes to them. Before exchanging sensitive information with a site, you type in a name that will help you remember the site. From then on, whenever your browser is securely connected to that site, your name for it will be displayed. After following a hyperlink, just check that the Petname Tool is displaying the expected name. If so, the Petname Tool has checked that the cryptographic identifiers are also the expected ones.
Works with: Firefox 3.0 – 3.0.*
And NoScript really has been plowing along. Good stuff.
Cheers for posting the link to the NIST mailing list – was wondering if there was something like that available and didn’t think to check the obvious place.