On Tue, 1 Nov 2011 14:51:00 -0700 coderman coderman@gmail.com wrote:
On Tue, Nov 1, 2011 at 1:20 PM, Zooko O'Whielacronx zooko@zooko.com wrote:
... Therefore, in the context of whether we can expect SHA-3 and/or SHA-256 circuits to come built into our chips in the future, the fact that SHA-256 can be implemented in a smaller circuit means it would be cheaper for a chip maker to include it.
my strong preference for SHA-2-256 is precisely for this reason. i use multiple systems with hardware accelerated SHA-2-256. these systems will never have accelerated SHA-3.
adoption of SHA-3 into hardware designs may change this in the future; i am skeptical :)
I'm very enthusiastic about one of the five SHA-3 finalists -- Keccak. I contacted the Keccak team about some ideas and they responded readily. IMHO Keccak is more promising than Skein or ChaCha as a universal cryptoprimitive to make most symmetric algos obsolete.
Keccak is not only a hash with any possible length of output but also a PBKDF, KDF, MAC, old-style HMAC, stream cipher, random access stream cipher, strong authenticated stream cipher, per-block or per-complete-message authenticated stream cipher and possibly many more, proved to be secure in the random oracle model and easy to use to make most protocols simple.
The Keccak team pointed me to a method for executing stream cipher encryption and authenticated encryption based on sponge.
The first presentation of the so-called duplexing mode, using a sponge for MACing and encryption, was at the SHA-3 conference in Santa Barbara in 2010. You can download the paper from here: http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/SH... It was also recently presented at SAC2011; you can have a look at the presentation here: http://sac2011.ryerson.ca/SAC2011/BDPVA.pdf
If NIST makes Keccak a SHA-3 finalist then be prepared to integrate it as a good flexible choice. Not only as a hash but as virtually all symmetric algos. Unfortunately, most of the Keccak properties may be standardized very slowly.
And most of those non-hash properties seem non-conservative, experimental, innovative and ambitious, but amazingly promising and well designed, with respectable research work and good reputations of the authors.
See www.keccak.noekeon.org for details.
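
As an added illustration of the "one sponge, many roles" idea in the message above (not code from the thread or from the Keccak team): the sketch below uses Python's standard-library SHAKE256, the Keccak-based extendable-output function later standardized in FIPS 202, rather than the duplex construction itself. The role labels, the length-prefix encoding and all function names are assumptions made for this example.

```python
import hashlib
import hmac

def _encode(*fields: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") absorb differently.
    return b"".join(len(f).to_bytes(8, "big") + f for f in fields)

def sponge(role: bytes, out_len: int, *fields: bytes) -> bytes:
    # One Keccak sponge for every role; the role label (an assumption of this
    # example) is absorbed first as domain separation, then out_len bytes are squeezed.
    return hashlib.shake_256(_encode(role, *fields)).digest(out_len)

def digest(msg: bytes, out_len: int = 32) -> bytes:
    return sponge(b"hash", out_len, msg)

def mac(key: bytes, *fields: bytes) -> bytes:
    # Keyed-prefix MAC: sound for a sponge, no HMAC double-hash wrapper needed.
    return sponge(b"mac", 32, key, *fields)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return sponge(b"stream", n, key, nonce)

def seal(key: bytes, nonce: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    # Encrypt-then-MAC; a (key, nonce) pair must never be reused.
    ks = keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ct, mac(key, nonce, ct)

def open_sealed(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    # Verify in constant time before touching the ciphertext.
    if not hmac.compare_digest(tag, mac(key, nonce, ct)):
        raise ValueError("authentication failed")
    ks = keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

if __name__ == "__main__":
    key = digest(b"constructed demo key material")  # constructed sample values
    nonce = b"constructed-nonce-01"
    ct, tag = seal(key, nonce, b"hello tor-dev")
    print(open_sealed(key, nonce, ct, tag))
    try:
        open_sealed(key, nonce, bytes([ct[0] ^ 1]) + ct[1:], tag)
    except ValueError as err:
        print("tampered ciphertext rejected:", err)
```

The same prefix-MAC shortcut is not safe with SHA-256 because of length extension, which is why HMAC exists for Merkle-Damgård hashes.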