It's not needed yet, but it represents an insurance policy in case SHA-2 is broken

Oct 5, 2012 11:57 GMT

The National Institute of Standards and Technology (NIST) has finally revealed the winner of the secure hash algorithm competition. The algorithm known as Keccak (pronounced catch-ack) will become NIST’s SHA-3.

Developed by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors, the hash algorithm turned out to be the best of the initial 63 submissions.

NIST has chosen Keccak because it’s elegantly designed, it has higher performance in hardware implementations compared to its predecessor, and it’s capable of running on a wide range of computers.

“Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be. An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently,” NIST computer security expert Tim Polk explained.

At the end of September, security expert Bruce Schneier said that any one of the remaining five algorithms – one of which was his own team’s – would be good. However, he also highlighted the fact that SHA-2 was still pretty secure, which means that SHA-3 is not needed, at least not yet.

In 2007, when NIST announced the start of the competition for choosing the next hash algorithm, researchers believed that SHA-2 would be cracked in no time. However, five years have passed since then and no one has managed to publicly prove it vulnerable.

NIST agrees that SHA-2 is “secure and suitable for general use,” but the organization’s representatives argue that SHA-3 provides an insurance policy in case the older hash algorithm is broken.

Furthermore, Polk states that Keccak could be successfully utilized for smart devices – ones that connect to electronic networks but cannot be considered full-fledged computers – because of its compact design.

Speaking to Softpedia, Jeff Hudson, CEO of Venafi – a leader in enterprise key and digital certificate management (EKCM) solutions – applauds NIST’s efforts in providing efficient and secure technologies.

“When it comes to Internet security, NIST is leading the way in establishing standards that allow organizations to reduce risk and better ensure trust across global networks. In recognizing the strength of a new cryptographic algorithm, it has demonstrated once again that it continues to set the bar when it comes to providing guidance,” Hudson explained.

“Organizations need to find all of the weak encryption technologies deployed across their networks and quickly replace them, otherwise, they will not receive the security benefits that new and stronger encryption algorithms offer,” he added.

“NIST is clear about why it chose the SHA-3 Keccak cryptographic hash algorithm as the winner; organizations that need to reduce risk should take advantage of what it has to offer.”