lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Feb 2015 11:22:26 +0100 (CET)
To: "" <>
Subject: Re: [PHC] PHC status report

On Wed, 11 Feb 2015, Tony Arcieri wrote:

> I'm sure NIST tried quite hard with the SHA-3 competition, but the 
> reality (at least IMNSHO) is the entire process was a debacle that 
> resulted in a highly contested, poorly-received candidate which was 
> selected before the PHC started... *and yet* still has not been fully 
> standardized by NIST.

I think, this is unfair! When the SHA-3 process started, there was panic 
in the community, especially on the side of the industry. People expected 
SHA-2 to fall as badly as SHA-0 and SHA-1, and where urgently waiting for 
something to replace all the old hash functions. During the time of the 
SHA-3 competition, the confidence in SHA-2 grew, and now there is no real 
interest in SHA-3 any more.

Also not that for many years, the cryptographic community had deep trust 
in the NIST as a fair broker for cryptographic competitions and standards. 
With recent disappointments (if you don't know what i mean, google for 
"Dual_EC_DRBG"), the NIST lost much of its good reputation. Which doesn't 
improve the perception of new NIST standards (SHA-3 or whatever), 
regardless of the quality of the process for these standards.


------  I  love  the  taste  of  Cryptanalysis  in  the morning!  ------
--Stefan.Lucks (at), Bauhaus-Universit├Ąt Weimar, Germany--

Powered by blists - more mailing lists