
Re: ANN: SHA-256 Secure Hash Algorithm in ANS Forth

From Paul Rubin <no.email@nospam.invalid>
Newsgroups comp.lang.forth
Subject Re: ANN: SHA-256 Secure Hash Algorithm in ANS Forth
Date 2012-12-22 19:24 -0800
Organization Nightsong/Fort GNOX
Message-ID <7xlicph2m0.fsf@ruckus.brouhaha.com> (permalink)
References (13 earlier) <3524665.BmtFQlsY80@sunwukong.fritz.box> <55CdnSuDK5ZK6UnNnZ2dnUVZ_hSdnZ2d@supernews.com> <1772758.lvmFiRl8kW@sunwukong.fritz.box> <7xr4mi6871.fsf@ruckus.brouhaha.com> <1798728.DyWubedKP2@sunwukong.fritz.box>



Bernd Paysan <bernd.paysan@gmx.de> writes:
>> It's more a matter of following recognized practices than of doing
>> something that's arguably better technically.
> We lost a world war due to that attitude on encryption.

The other attitude is even more likely to fail, of course.  AES has
withstood a lot of attacks and a new concoction by any one person is
much more likely to have a problem.  If the new thing is really better
then it should be possible to persuasively state concrete advantages and
get buy-in from the crypto community.  All the finalists for the AES and
SHA3 competitions, ESTREAM, Nessie, etc. could be said to have a
reasonable amount of recognition.  If you submit Wurstkessel to
something like FSE and it gets accepted and nobody sees obvious
problems, that's a start.  If it hasn't had even that, using it in
anything but a hobby project (not putting anybody else's assets at risk)
just seems ill-advised.

> By the end of WW II, the Enigma was 25 years old, and definitely a
> "proven standard" - it was used all and everywhere in the Reich, and
> therefore, the enemy knew all and everything by just breaking one
> scheme.

It was much more complicated than that--Enigma evolved considerably over
that period, the ongoing breaks against it wouldn't have been possible
without building on the early breaks, and a lot of it depended on
procedural errors by the users.  It took quite high-caliber
mathematicians (Alan Turing was famously involved) to keep up with the
changes.  Also, my memory is hazy but I think the 4-rotor Kriegsmarine
version was never broken in the sense that the 3-rotor versions were
broken.  Wladislaw Kozaczuk's book "Enigma" (particularly about the
early breaks in Poland) and David Kahn's "Seizing the Enigma" (about the
naval Enigma) are good references about this.

Most importantly though, the background knowledge and the review
processes that went into Enigma were nothing at all like what we do
today.  It's almost like comparing modern medicine with medieval
medicine.

> the requirements had an AES tickbox for the encrypted
> communication. Well, it was AES, but in ECB mode, and all instances of
> the Bundestrojaner had even the same key.

That's just misuse of the algorithm, similar to an amateur doctor
giving you the wrong drug.

> Haha, funny.  Splitting a key is not a "a single key".  GCM still
> requires twice as many operations for encryption+authentication as
> encryption alone.

I don't think that's right.  GCM uses one AES encryption and one binary
field multiplication for each ciphertext block, plus one extra
encryption for the entire message (i.e. for N blocks you need N+1 AES
encryptions and N field multiplications), not an extra encryption for
every block.  The second "key" is actually just the encryption of the
all-zero block, giving the multiplicative constant.  Maybe you are
thinking of EAX mode, which was sort of a combination of CTR and
CBC-MAC, doing two encryptions per block?  Nobody uses that any more,
although as you indicate, maybe it's viable if your device has two AES
hardware units.

There was also OCB mode, the first encryption/authentication mode that
does just one encryption per block, but nobody uses it because it is
patented.

Even if those modes didn't exist, you could use something like UMAC in
combination with CTR mode and not do extra encryptions.

> Unfortunately, I lost the link, but a few years ago, someone analyzed
> different encryption algorithms and found that he could identify which
> encryption is used based on statistical properties of the ciphertext.

That would be considered a security failure of the ciphers in question
and if it happened with AES, I'd almost surely have heard about
it.  It's of course well-known that RC4 has such a distinguisher and
this is a reason to not use RC4 in new designs.

> You should not be able to tell that.  The ciphertext should be
> indistinguishable from random noise.

That is right.  Newbies often argue the opposite, but cryptographers
consider distinguishing attacks to be security failures even if they don't
reveal plaintext.

> the great Chinese firewall ... found a way to distinguish TOR
> connections from other SSL connections, despite TOR using SSL.

I seriously doubt that involves any cryptanalysis on the ciphers (at
least on AES).  It can probably be done by monitoring multiple nodes at
the same time and observing correlations between packet lengths, or just
noticing the pattern of packet lengths associated with Tor connections.


