The U.S. National Institute of Standards and Technology soon will announce the winning hash algorithm, which eventually will become the next-generation industry standard SHA-3.
However, security expert Bruce Schneier, who developed one of the five finalists for SHA-3, says there currently is no need for a new hash standard because the existing one is still functional. "When we started this process [in 2006], we did think the whole SHA family's days were numbered," Schneier says. "But then the SHA hacks stopped."
The latest version of the algorithm for fingerprinting messages and files, SHA-512, so far has held up, Schneier notes. The submission and selection process for SHA-3 began in late 2007, and about 64 entries were part of the first round of the competition. Although SHA-512 is still acceptable, the benefits of faster hashing and other features that will be included in SHA-3 will make it worth the switch, says Errata Security CEO Robert Graham.
Meanwhile, Schneier notes SHA-512 eventually could be broken. "I don't know if we have tried hard enough to break SHA-512," he says.
From Dark Reading
View Full Article
No entries found