SHA-3 is KECCAK
Chris Cain
clcain at uncg.edu
Sun Jan 19 08:33:08 PST 2014
On Sunday, 19 January 2014 at 15:09:46 UTC, Kagamin wrote:
> Isn't it you, who insist on ignorance to how a collision attack
> works and how it doesn't work? You insist on a magical approach
> to cryptography, that MD5 magic doesn't work and SHA3 magic
> works, but you should know that magic is a delusion, and
> delusion leads to failures and damage, so by spreading
> delusions, it's you who cause damage, not me.
Excuse me? Straw man arguments don't work here. Take that crap
elsewhere. You keep asserting I say things that I don't say like
crap like "You assume that Moore's law doesn't work". Get out of
here with that.
The fact that MD5 is weak against a collision attack means that
it strictly provides weaker guarantees than the stronger SHA1,
SHA2, and SHA3. No magic is necessary to know that with
cryptography, attackers look for the weakest point in a chain to
attack. Intentionally using something that provides weaker
guarantees is foolish. And indeed a collision attack can cause
problems, depending on what you want to do. I can't predict (nor
can you) where someone will use a hash function expecting it to
be secure, so the right thing to do is just suggest people use
the stronger hash functions.
Furthermore, when talking about anything related to cryptography,
we discuss things in terms of how much of a safety buffer we get.
You're right that nothing is "perfectly safe" but when our
estimations of safety suggest it should remain safe for at least
20 years, then we're fine with it. That's why we don't use MD5.
Because it has known flaws AND because it no longer has the
"shield" of collision resistance. For a hash function, if it is
"collision resistant" that strictly means that no preimage
attack exists either. You'd have to break through two walls to
break the hash function. With MD5, there is no such safety
buffer. It's one discovery away from being destroyed. Ergo, don't
use it because it can turn from "no preimage attacks exist" to
"here's the preimage attack" overnight.
Preempting your counterargument: Indeed such a thing can happen
with SHA2, but the likelihood of such a thing is essentially
nonexistent. If we haven't even discovered a single collision
ever, we don't find the likelihood of generating collisions at
will likely nor do we find the likelihood of generating a
specific collision likely either.
Finally, I have never suggested anyone work off of "this stuff is
magic so be ignorant of it while working with it". Quite the
opposite. You should be well educated with this stuff prior to
working with it or else you risk exposing confidential
information which can be quite damaging. Part of this is _don't
deliberately ignore the recommendations of cryptography experts_.
What you suggest people do, "despite being a non-expert, I
suggest you do use MD5 because those experts clearly don't know
what they're talking about" is dangerous. And stop with the straw
man attacks because I'm sick of it. Actually, I'm sick of all of
your crap. You can have the last word and if it's "ignore the
cryptography experts because I'm smarter than them", then so be
it. You might want to also let your employer know as well so they
can give you a raise *wink*.