SHA-3 is KECCAK
Kagamin
spam at here.lot
Fri Jan 17 06:04:28 PST 2014
On Friday, 17 January 2014 at 13:11:57 UTC, Chris Cain wrote:
> On Friday, 17 January 2014 at 11:37:26 UTC, Kagamin wrote:
>> MD5 is good enough for most cases.
>
> For any use where security isn't an actual concern, sure. If
> it's just to casually verify that a file transferred
> successfully (like an alternative to a checksum), then it's
> fine to use. But don't use it to secure anything against an
> attacker at this point.
There's no successful preimage attack on MD5, which is the only
deadly attack on a hash function. SHA3 is just more convenient
than MD5 because when you want to change the hash function, you
don't have to ditch the whole system, only change its parameters.
>> AFAIK, keccak uses weird bit fiddling. Wasn't it considered a
>> bad practice since DES because a specialized hardware would
>> give a considerable speedup, which will help in brute force
>> attacks?
>
> Actually, the idea is that it _should_ be implemented in
> specialized hardware to make it faster.
That's rather inconvenient, that you can't have an efficient
implementation of the algorithm on common hardware. MD5 family
has no such flaw.
> And improving brute force attacks in this manner will only
> provide a multiplicative increase in speed, and that's not a
> concern. The overall strategy of using brute force isn't going
> to be turned from infeasible to feasible because of that. It's
> still completely infeasible to find two different messages s.t.
> their SHA-3 hash is equal.
You assume that Moore's law doesn't and won't work. Write asserts
for assumptions.
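The thread contrasts preimage attacks with collision attacks on a hash. The script below is an added illustration (not code from the thread or its authors) of why the two are priced differently: it truncates MD5 to a small number of bits so that both generic searches finish in seconds, and counts how many hash evaluations each needs. The birthday search for a collision costs roughly 2^(bits/2), the brute-force preimage search roughly 2^bits. The truncation, the message formats and the 18-bit default are assumptions made for the demonstration; real MD5 collisions are found far faster than this generic bound, which is the point the reply above makes, while no practical preimage attack on MD5 is known.

```python
import hashlib
from typing import Dict, Tuple


def truncated_md5(msg: bytes, bits: int) -> int:
    """Return the leading `bits` bits of MD5(msg) as an integer.

    Truncating the 128-bit digest stands in for a weak hash so the
    generic attack costs can be observed directly (assumption for
    the demonstration, not a property of MD5 itself).
    """
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Birthday search: two distinct messages with equal truncated hash.

    Expected cost is about 2**(bits/2) evaluations, because every
    pair among the messages seen so far is a chance to collide.
    Returns (msg_a, msg_b, evaluations).
    """
    seen: Dict[int, bytes] = {}
    i = 0
    while True:
        msg = b"msg-%d" % i          # constructed message series
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_preimage(target: int, bits: int) -> Tuple[bytes, int]:
    """Brute-force preimage search for one fixed truncated hash value.

    Expected cost is about 2**bits evaluations: each guess has only a
    1-in-2**bits chance of hitting the single target value.
    Returns (msg, evaluations).
    """
    i = 0
    while True:
        msg = b"guess-%d" % i        # constructed guess series
        if truncated_md5(msg, bits) == target:
            return msg, i + 1
        i += 1


def compare_costs(bits: int = 18) -> dict:
    """Run both searches at the same output size and report the counts."""
    m1, m2, collision_trials = find_collision(bits)
    target = truncated_md5(b"document to be matched", bits)
    pre, preimage_trials = find_preimage(target, bits)
    return {"bits": bits, "collision": (m1, m2, collision_trials),
            "preimage": (pre, preimage_trials)}
```

Calling `compare_costs()` returns the two message pairs with their evaluation counts; the preimage count is typically hundreds of times the collision count at the same output size.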