[144565] in cryptography@c2.net mail archive

Re: MD6 withdrawn from SHA-3 competition

daemon@ATHENA.MIT.EDU (Paul Hoffman)
Mon Jul 6 18:16:23 2009

In-Reply-To: <20090704173921.D404B14F6E1@finney.org>
Date: Sun, 5 Jul 2009 07:07:50 -0700
To: hal@finney.org ("Hal Finney"), ashwood@msn.com, smb@cs.columbia.edu
From: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: cryptography@metzdowd.com

At 10:39 AM -0700 7/4/09, Hal Finney wrote:
>But how many other hash function candidates would also be excluded if
>such a stringent criterion were applied? Or turning it around, if NIST
>demanded a proof of immunity to differential attacks as Rivest proposed,
>how many candidates have offered such a proof, in variants fast enough
>to beat SHA-2?

The more important question, and one that I hope gets dealt with, is what is a sufficient proof. We know what proofs are, but we don't have a precise definition. We know what a proof should look like, sort of. Ron and his crew have their own definition, and they can't make MD6 work within that definition. But that doesn't mean that NIST wouldn't have accepted the fast-enough MD6 with a proof from someone else.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
