The Security Newsletter 22 is available. We are proud to have Joan DAEMEN as our guest. Joan is one of the authors of KECCAK, the algorithm selected by NIST to become the new official SHA-3 function. Mohamed presents this new hash function. SSL is the most deployed security protocol on the Internet, and thus it is highly scrutinized by the community. Olivier, Christoph and Benoit take a deep dive into the latest attacks against SSL.
We hope that you will enjoy reading it. Do not hesitate to comment.
In 2005, the first serious attacks on the widely used hash function SHA-1 were published. Researchers were able to generate some collisions. The new generation SHA-2 was also prone to these attacks. In 2007, NIST launched a contest to select the future replacement algorithm. In the first round, there were 63 submissions. The second round kept only five algorithms. On Tuesday, NIST published the winner: KECCAK.
KECCAK was designed by researchers from STMicroelectronics and NXP. According to NIST, KECCAK won because it was elegantly simple and had higher performance in hardware implementation than the other competitors. As it is foreseen that SHA-3 may be used in many lightweight embedded devices (smart dust, intelligent sensors, RFID…), this was a strong asset. It is no surprise that its implementation was optimized for hardware; its four fathers work for companies designing such chipsets. STMicroelectronics is one of the leaders in secure components for smart cards, whereas NXP is the leader in NFC. Another interesting argument is that, as KECCAK uses totally different principles than SHA-2, attacks that would work on SHA-2 most likely will not work on SHA-3.
On September 24, 2012, Bruce Schneier, one of the five finalists with his Skein algorithm, called for a “no award”. Currently, SHA-512 is still secure for many years. Thus, according to him, there was no need to switch to another algorithm.
In its announcement of the winner, NIST confirmed that:
“SHA-2 has held up well and NIST considers SHA-2 to be secure and suitable for general use.”
Thus, do not be afraid when you still find SHA-2 in designs in the coming years. We’re safe. It will take several years to tame this new algorithm. Nevertheless, NIST estimates that having a successor to SHA-2, if ever it weakens, is a good insurance policy.
About one year ago, I informed you that the final draft of my book was sent to Springer, my editor. Today, a new step: after several copy edit rounds, the text is final. We now enter the final stage: layout and printing. In other words, the book should soon be available in the stores (before the end of this quarter).
The book will have inserts entitled “Devil’s in the Details”. These short sections will dive deeply into some naughty details, highlighting the difference between theoretical schemes and actual robust security. For instance, you will learn some details on Black Sunday, or on how AACS was hacked.
I will keep you informed about the next steps.