Say a final goodbye to SHA-1

January 25, 2007

Slashdot says that NIST is planning to augment and revise the current Secure Hash Standard.

Due to recent attacks on the SHA-1 hash function specified in FIPS 180-2, Secure Hash Standard, NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES).

In a recent interview to this blog, Vincent Rijmen of AES fame declared to be working mostly on hash functions: “[…] there are very interesting developments going on in the cryptanalysis of hash functions.” How coincidentally that is! I wouldn’t be surprised to see him and his team among the participants to this competition.

At the same time his former colleague Joan Daemen is pursuing innovative ideas in the same field. Moving away from the classic Merkle-Damgard construction (also adopted by the SHA-2 family) he developed the “belt and mill” Radiogatun family. But some Slashdot commenters are afraid that the hash function submitted will have to be pretty conservative to gain the blessing of NIST as a new standard …

Disclosure: Clipperz online password manager presently adopts SHAd-256 as hash function of choice.