SHA-3 Winner Chosen, But It May Be Years Before Keccak Has an Effect

Now that NIST has selected Keccak as the winner of the five-year-long SHA-3 competition, the next question to be answered is whether the new hash algorithm will be implemented in any meaningful way in the near future. The answer, for right now at least, appears to be probably not.

SHA-3Now that NIST has selected Keccak as the winner of the five-year-long SHA-3 competition, the next question to be answered is whether the new hash algorithm will be implemented in any meaningful way in the near future. The answer, for right now at least, appears to be probably not.

The SHA-3 competition began in response to growing concerns that the SHA-2 hash algorithm would be broken in the near future. There had been a series of increasingly efficient attacks against the MD5 hash algorithm, and cryptographers were of the opinion that the same fate would befall SHA-2, as well. That didn’t end up being the case, but NIST already had gone pretty far down the road to developing a new standard hash algorithm.

The competition took more than five years and comprised several rounds of submissions and eliminations, with the finalists being announced in late 2010. Cryptographers then had a chance to review each of the finalists and look for weaknesses, areas that needed improvement and other issues. On Tuesday, NIST announced that Keccak, an algorithm designed by Guido Bertoni, Joan Daemen, Gilles Van Assche and Michaël Peeters, had been chosen as the winner of the competition and would now become the federal government’s hash standard.

Keccak is not a derivative of SHA-2, and therefore does not have any of the same potential weaknesses as the older algorithm.

“Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be,” NIST computer security expert Tim Polk said in a statement. “An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently.”

Polk added that the government still considers SHA-2 to be secure and useful at this point. Cryptographer Bruce Schneier, who was a co-author of Skein, one of the other SHA-3 finalists, said recently that he expected SHA-2 to be perfectly suitable for general use for some time.

“I expect SHA-2 to be still acceptable for the foreseeable future. That’s the problem. It’s not like AES. Everyone knew that DES was dead — and triple-DES was too slow and clunky — and we needed something new. So when AES appeared, people switched as soon as they could. This will be different,” Schneier said via email.

Engineers who design services that depend on cryptograhic algorithms work on long time lines and typically aren’t too eager to change when something is working well. It may well be years before SHA-3 begins making its way into those services. But Polk said the new algorithm will be important in the coming years.

“The Internet as we know it is expanding to link devices that many people do not ordinarily think of as being part of a network,” Polk says. “SHA-3 provides a new security tool for system and protocol designers, and that may create opportunities for security in networks that did not exist before.”


Suggested articles