[144564] in cryptography@c2.net mail archive


Re: MD6 withdrawn from SHA-3 competition

daemon@ATHENA.MIT.EDU ("Hal Finney")
Sun Jul 5 09:44:57 2009

To: ashwood@msn.com, smb@cs.columbia.edu
Cc: cryptography@metzdowd.com
Date: Sat,  4 Jul 2009 10:39:21 -0700 (PDT)
From: hal@finney.org ("Hal Finney")

Rivest:
> 	Thus, while MD6 appears to be a robust and secure cryptographic
> 	hash algorithm, and has much merit for multi-core processors,
> 	our inability to provide a proof of security for a
> 	reduced-round (and possibly tweaked) version of MD6 against
> 	differential attacks suggests that MD6 is not ready for
> 	consideration for the next SHA-3 round.

But how many other hash function candidates would also be excluded if
such a stringent criterion were applied? Or turning it around, if NIST
demanded a proof of immunity to differential attacks as Rivest proposed,
how many candidates have offered such a proof, in variants fast enough
to beat SHA-2?

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
