On Tue, Nov 1, 2011 at 12:46 PM, Zooko O'Whielacronx zooko@zooko.com wrote:
On Tue, Nov 1, 2011 at 9:30 AM, Marsh Ray marsh@extendedsubset.com wrote:
I too have been following the development of SHA-3 and will toss in my 2c here.
[....ommitted...]
Although the SHA-3 designers have indeed tried to optimize for that, I think SHA-256 is actually still better. See Fig. 17 of http://eprint.iacr.org/2009/510.pdf .
Its wonderful that you provided references, and even told me what diagram to look for. But figure 17 has every finalist other then Skein outperforming SHA2 in hardware (last column is bits per second), and that was optimizing for speed. In the case of Keccak, that performance is impressively greater. Its possible at the 512 level these reverse, but I don't see that in there. Sincerely, Watson Ladd
Below my signature is just me quoting a few of the points you made. :-)
Regards,
Zooko
Agreed, SHA-3 will fix some problems. Some of these things we've been working around so long that they seem normal.
…
There's sometimes also a benefit of being with the current NIST recommendation. I suspect more users will migrate off of SHA-1 to SHA-3 than they will to SHA-2.
…
NIST may eventually 'deprecate' SHA-2 in favor of SHA-3 due to just the length extension issue. Which is not to say that I think there's a real problem using SHA-2 correctly, only that you may end up having to explain repeatedly why it's not a problem.
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin