Friday, May 20, 2011

Skein as a Crypto Hash (part three)


Ok, so I've been gushing about this new wonderful crypto hash function called Skein.  What the hell does this have to do with me?

I've been working in .NET (mostly C# lately) for several years now, and I was always frustrated by the limited scope of the built-in crypto functions.  Even though there is ample evidence that MD5 and SHA-1 are horribly crippled, the folks at Microsoft refuse to give them up.

Now I know full well that something as standardized as a government-mandated suite of tools takes a LONG time to roll out, and adoption is slow and drawn out.  Especially if there is no standardized replacement (which is NOT the case here; SHA-2 was supposed to fix that), people are even more reluctant to invest in new hardware/software.  I get that.  But to limit the options to the old and busted stuff and only adopt a very small set of the new hotness, that's just narrow-minded.</rant>


I tried a number of years ago to implement many of these algorithms in C++ just to learn how they worked, and to play with them in a sandbox that I controlled.  I learned the hard way that memory management and threat mitigation is not for the faint of heart.

The .NET framework changed the game, and with VB.NET, I was no longer limited to slow, clunky, rapid application development with no meat.  I could incorporate new ideas and found the aforementioned built-in functions allowed me to do more (to a point).  I continued to develop and explore and such, and slowly worked my way into C#. 

I also came across the Crypto-Gram newsletter during this time, and it kept me up to date on some of the security issues of the day.

That's when I learned about the new SHA-3 competition, and Skein.  And I jumped at the opportunity to work with a new algorithm and really get my hands into it.  I read the white paper, narrowly avoided a cranium explosion, and dug into the reference code.  Wow...  You haven't lived until you've taken a dive into advanced C++ code written by 7 industry experts by committee.

Holy crap...

The white paper didn't explain a few things clearly but the code shed some light on most of those (some days I can read machine language better than English).

After a long battle, and comparing my results with the specified samples and a few random samples on the net that people had written in Perl, Java, Python, and others, I finally have something that I think people can actually USE.  And the best part is that just about every algorithm submitted, including Skein, is in the public domain, which means they are free for any use you want (assuming, of course, you don't live in Libya, North Korea, or Iran; Uncle Sam's orders!).  So... yeah.  I'm releasing it into the wild.  :)

And in case you haven't read between the lines yet, I'm plugging my CodePlex project.  :D  I figured I should at least include the back story, and I needed blog material to get me started.  Sue me.

The other thing is, I think there should be some more test data out there for others to use.  I found it hard to get any samples outside of the obvious tests of the basic functionality.  For instance: the white paper describes how to use Skein as a PRNG and as a Key Derivation Function (KDF), has a few notes on how to sign keys, and describes how to hash a message with the signer's public key mixed in, so that the signature and the document cannot be separated.  These are important uses and functions, but there are no samples for them.  So I'm releasing my version, and I encourage others to look into expanding the functionality, both for comparison and so that this particular algorithm gets more analysis in a variety of languages and situations.
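To make those extra modes concrete, here is an added Python example (written for this page; it is not the CodePlex project's C# code and not the Skein team's reference code) that builds Skein-256 from Threefish-256 and UBI and exposes the optional typed fields the white paper uses to turn one primitive into a MAC, a KDF, a PRNG and a public-key-bound hash.  Assumptions: it follows the v1.3 specification (the final-round rotation constants and the C240 key-schedule constant), it always processes a message field even when only a key identifier or nonce is supplied, it processes the optional fields in the spec's type-number order, and the `key`, `pers`, `pubkey`, `kdf_id` and `nonce` parameter names are mine.  The two spec values it checks itself against are the Skein-256-256 hash of the empty message and the Skein-256-256 IV (the chaining value left after the config block).

```python
"""Skein-256 (v1.3) built from Threefish-256 and UBI, with the typed fields
(key, config, personalization, public key, key identifier, nonce, message,
output) that the spec combines into its MAC, KDF, PRNG and signature modes.
Added example for this page, not the CodePlex project's C# implementation."""
import struct

MASK = (1 << 64) - 1
C240 = 0x1BD11BDAA9FC1A22                      # key-schedule parity constant (v1.3)
ROT = [(14, 16), (52, 57), (23, 40), (5, 37),   # Threefish-256 rotations, round d mod 8
       (25, 33), (46, 12), (58, 22), (32, 32)]
PERM = (0, 3, 2, 1)                             # word permutation applied after each round
# UBI type values from the spec, stored in tweak bits 120..125
T_KEY, T_CFG, T_PRS, T_PK, T_KDF, T_NON, T_MSG, T_OUT = 0, 4, 8, 12, 16, 20, 48, 63


def rotl(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK


def threefish256(key, tweak, block):
    """Encrypt one 4-word block under a 4-word key and 2-word tweak (72 rounds)."""
    k = list(key) + [C240 ^ key[0] ^ key[1] ^ key[2] ^ key[3]]
    t = [tweak[0], tweak[1], tweak[0] ^ tweak[1]]

    def subkey(s):  # subkey s is injected before round 4s and once after round 71
        return [k[s % 5],
                (k[(s + 1) % 5] + t[s % 3]) & MASK,
                (k[(s + 2) % 5] + t[(s + 1) % 3]) & MASK,
                (k[(s + 3) % 5] + s) & MASK]

    v = list(block)
    for d in range(72):
        if d % 4 == 0:
            v = [(a + b) & MASK for a, b in zip(v, subkey(d // 4))]
        r0, r1 = ROT[d % 8]
        v[0] = (v[0] + v[1]) & MASK             # MIX on words (0,1)
        v[1] = rotl(v[1], r0) ^ v[0]
        v[2] = (v[2] + v[3]) & MASK             # MIX on words (2,3)
        v[3] = rotl(v[3], r1) ^ v[2]
        v = [v[i] for i in PERM]
    return [(a + b) & MASK for a, b in zip(v, subkey(18))]


def ubi(g, data, type_):
    """Unique Block Iteration: chain `data` of the given type into state g.
    The tweak carries the byte position, the type, and first/final flags."""
    blocks = [data[i:i + 32] for i in range(0, len(data), 32)] or [b""]
    done = 0
    for idx, blk in enumerate(blocks):
        done += len(blk)                        # position = bytes consumed so far
        first, final = idx == 0, idx == len(blocks) - 1
        t0 = done & MASK
        t1 = (done >> 64) | (type_ << 56) | (int(first) << 62) | (int(final) << 63)
        m = struct.unpack("<4Q", blk.ljust(32, b"\0"))   # zero-pad the last block
        g = [c ^ w for c, w in zip(threefish256(g, (t0, t1), m), m)]  # feed-forward
    return g


def config_string(out_bits):
    """32-byte config block: 'SHA3', version 1, reserved, output bits, tree params 0."""
    return b"SHA3" + struct.pack("<HHQ", 1, 0, out_bits) + bytes(16)


def config_cv(out_bits):
    """Chaining value after the config block; the spec publishes this as the IV."""
    return ubi([0, 0, 0, 0], config_string(out_bits), T_CFG)


def skein256(msg=b"", out_bits=256, key=b"", pers=b"", pubkey=b"", kdf_id=b"", nonce=b""):
    """Skein-256 with out_bits of output.  The optional fields select the spec's
    other modes: key -> MAC, kdf_id -> KDF, nonce -> PRNG/stream output,
    pubkey -> hash bound to the signer's public key (assumption: message is
    always processed, optional fields go in type-number order)."""
    g = [0, 0, 0, 0]
    if key:
        g = ubi(g, key, T_KEY)                  # the key is processed before config
    g = ubi(g, config_string(out_bits), T_CFG)
    for field, typ in ((pers, T_PRS), (pubkey, T_PK), (kdf_id, T_KDF), (nonce, T_NON)):
        if field:
            g = ubi(g, field, typ)
    g = ubi(g, msg, T_MSG)
    out, ctr = b"", 0
    while len(out) < out_bits // 8:             # counter-mode output transform
        out += struct.pack("<4Q", *ubi(g, struct.pack("<Q", ctr), T_OUT))
        ctr += 1
    return out[:out_bits // 8]


if __name__ == "__main__":
    print(skein256(b"").hex())                  # Skein-256-256 of the empty message
    print(skein256(b"document", pubkey=b"signer public key bytes").hex())
    print(skein256(b"", out_bits=512, key=b"master", kdf_id=b"db-encryption-key").hex())
```

The same `ubi` call does all the work: changing a field's type value changes the tweak, so a MAC key, a personalization string and a public key each steer the chaining value differently even when their bytes are identical, and the output transform's counter is what lets the KDF and PRNG modes pull out more bytes than one block holds.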

Basically the designers focused on the functionality and parameters spelled out by NIST, and NIST only wanted a HASH function; that's it.  As a result, even though they addressed a number of security issues in the design, issues that REALLY need attention in the industry, they over-designed it for the venue.  I think they knew that, and thus left out any samples that detracted from the matter at hand:  hashing.  Unfortunate, but you also have to figure these guys have day-jobs too. 

There's a LOT of functionality in Skein as a whole, and thus there would be a glut of data to produce (and reproduce with every tweak through the submission process).  So, I figure the community can provide the missing pieces.

I have a nagging suspicion that if NIST does pick Skein, they might kneecap it just to make it fit the box they wanted, not expand it or let it spill into other boxes.  What I would like to see is Skein make its way into the hashing standard AND the digital signature standard.

Anyways, that's my take.  Do what you will with it, take it or leave it.  Would also love to hear your comments.
