Re: SHA-1 Variants
From: Sebastian Gottschalk (seppi_at_seppig.de)
Date: 05/31/04
Date: Mon, 31 May 2004 17:53:20 +0200
Jim Steuert wrote:
> Like I said, more complexity in the round function means more secure
> in general (assuming it doesn't cancel anything out, which is unlikely
> in most cases).
Wrong.
>> Right away I can see that the lsb of D is canceled out.
>
> So what. These multipermutations still enhance the original SHA-1.
Your "so what" costs 8 bits of security.
> The trail concept means that the result of an input differential X
> [snip]
> the differentials are, then this can be used effectively.
Handwaving. It scrambles up the whole proof.
>> Second, prove that your mods actually do "make it stronger".
> Good point. I just sketched a rough proof of that above.
A sketch isn't enough. I can also sketch how to split a 4x4 square into 4
parts, shuffle them and create a 5x3 rectangle.
>> So are 40 rounds of your design as secure as 80 rounds of SHA-1?
>>
> Probably not, nor would I suggest that.
Then stay with 80 rounds of SHA-1.
> SHAMODX is probably more secure.
Making things more complicated without any benefits always makes things
stronger, huh?
> I do have claims of security.
In your words: So what?
>> See I go after newbies and pounce on them to do their homework, be
>> patient, read, read, read and then try to come up with ideas that extend
>> what they have learned over the course of their study. I routinely shoot
>> down out-of-left-field newbie designs by pointing out obvious flaws.
>
> That would be true if you actually found a flaw.
No, that is true by default. Any idiot can design a scheme which has no
obvious flaws, but it will never be guarded secure until you can prove
something about it. Bruce Schneier has pointed out these newbie-inventions a
lot of times, demonstrating that security in cryptography does not work
this way.
> The idea is basic engineering 101. You are the one who cannot
> reduce your "theories" to "practice".
If you'd really know enough to design a cipher, you would never do it when
losing the ability to prove something about it. In cryptography, theory
kicks practice's ***.
--
http://piology.org/ILOVEYOU-Signature-FAQ.html
begin LOVE-LETTER-FOR-YOU.txt.vbs
I am a signature virus. Distribute me until the bitter end