Risk
10/3/2012
12:06 PM
Connect Directly
RSS
E-Mail
50%
50%

SHA-3 Secure Hash Algorithm: New Face Of Crypto

Secure hash algorithm beats 63 contenders to become NIST's next-generation cryptographic standard.

14 Amazing DARPA Technologies On Tap
14 Amazing DARPA Technologies On Tap
(click image for larger view and for slideshow)
Cryptography aficionados, say hello to a new hash algorithm backed by the National Institute for Standards and Technology (NIST).

Dubbed Keccak (pronounced "catch-ack"), the secure hash algorithm, which will officially be known as SHA-3, beat 63 other submissions after NIST issued an open call for a SHA-2 replacement in 2007. That move was driven by worries--which so far haven't come to pass--that SHA-2 might be vulnerable to being cracked.

Hashing algorithms are a vital information security tool, and used to authenticate messages, as well as digital signatures and documents. "A good hash algorithm has a few vital characteristics," according to NIST. "Any change in the original message, however small, must cause a change in the digest, and for any given file and digest, it must be infeasible for a forger to create a different file with the same digest."

Keccak was designed by Guido Bertoni, Joan Daemen, and Gilles Van Assche of STMicroelectronics, together with Michael Peeters of NXP Semiconductors. NIST praised their algorithm's "elegant design," ability to run on many types of devices, as well as its facility in performing better than SHA-2--or any of the 63 other SHA-3 entries--in hardware implementations. All of the submissions were open for public review and criticism.

Interestingly, NIST still stands behind SHA-2, which it's said is "secure and suitable for general use." But NIST computer security expert Tim Polk said that SHA-3 would also serve as an insurance policy, should SHA-2 be cracked, since--despite the nomenclature--the two secure hash algorithms are designed in completely different ways.

Accordingly, "Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be," said Polk in a statement. "An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently."

[ Learn 6 Password Security Essentials For Developers. ]

Cryptography expert Bruce Schneier, chief security technology officer of BT, agreed with that assessment. "I'm glad that SHA-3 is nothing like the SHA-2 family; something completely different is good," he said in a blog post. Schneier himself had submitted a SHA-3 entry, Skein, which was one of the five contest finalists.

Schneier, who has previously argued against NIST creating a new secure hashing algorithm standard--saying that "too many options makes for a bad standard"--praised NIST "for running a very professional, interesting, and enjoyable competition," noting that it had "increased our understanding about the cryptanalysis of hash functions by a lot." He also said that "Keccak is a fine hash function; I have absolutely no reservations about its security," or the security of any of the four other finalists.

But should people begin using SHA-3, or stick with SHA-2 (which includes SHA-512)? Last month, Schneier said that "when SHA-3 is announced, I'm going to recommend that, unless the improvements are critical to their application, people stick with the tried and true SHA-512," at least for the time being. In the wake of Keccak being awarded the SHA-3 mantle, Schneier said he's examining which applications he'd recommend that it be used for.

Polk said that finding the best uses for SHA-3 might be a process that takes years. But he said the secure hash algorithm's relatively small size would likely make it a good match for embedded or smart devices, such as networks of distributed sensors.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.