Talk:Gost-Hash

From Wikipedia, the free encyclopedia

I have removed the following quote as it is incomplete and leads to wrong assumptions:

Bruce Schneier posted to sci.crypt on 12 November 1998 about GOST:
"GOST has a 256-bit key, but its key schedule is so weak that I would
not use it as a hash function under any circumstances."

The full thread is at http://groups.google.com/group/comp.security.misc/browse_thread/thread/a8bd5008491e12ae/da11ba880a76def2

>Bruce Schneier <schne...@counterpane.com> wrote:
>>GOST has a 256-bit key, but its key schedule is so weak that I would
>>not use it as a hash function under any circumstances. 
>IIRC there is a GOST hash function with 256-bit output, which is quite
>different from the GOST block cipher with the weak key schedule.  The
>hash function is intended for use with the GOST digital signature
>algorithm which is similar to DSA but with a 256-bit submodulus.

You're right.  I just read up on that hash function in Applied
Cryptography (which you would think I would remember better).  Again,
I don't know of any serious cryptanalysis of this hash function, and
would hesitate to use it.

Bruce

I have added a note to the article that there are two algorithms called GOST, a weak block cipher and a not-yet-analyzed hash function, also called GOST. I have also removed the GOST cipher reference from the article, as it discusses the cipher rather than the hash. Jonelo 19:32, 13 November 2005 (UTC)

Thanks for catching that. Is GOST "known to be weak", though? — Matt Crypto 20:56, 13 November 2005 (UTC)
I'm also not aware of a serious cryptanalysis of the GOST hash function, but in my opinion the Russian GOST hash function should be considered not broken, pending proof to the contrary. According to the Key Schedule Cryptanalysis at http://www.cs.berkeley.edu/~daw/papers/keysched-crypto96.ps the GOST cipher seems to be not very secure. Jonelo 20:16, 15 November 2005 (UTC)
The key word is "seems to". As far as I know, there is no published successful attack against the GOST cipher. Anyway, speculations about the hash function based on the structure of a completely different cipher are more than arguable. MvR 10:43, 3 February 2006 (UTC)