gnu-crypto-discuss

[GNU Crypto] Whirlpool implementation and tweaks


From: Benjamin Johnston
Subject: [GNU Crypto] Whirlpool implementation and tweaks
Date: Wed, 12 May 2004 20:25:46 +1000

Hello, I hope somebody can help me here...

I've been looking at the Whirlpool hash in the GNU Crypto project, but
would like to clarify the exact implementation.

The current Whirlpool website publishes what it claims to be the "final
version" of the algorithm. The GNU implementation *fails* against the
test vectors in this package.
http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html

The GNU Crypto project has a set of test vectors online for Whirlpool,
but in a file called whirltweak-test-vectors.txt. I could find very
little information on Google about tweaks to Whirlpool; the following
link is about the only place where the "tweaked" version is described
and test vectors can be downloaded for which the library *succeeds*.
https://www.cosic.esat.kuleuven.ac.be/nessie/tweaks.html

Is this version of Whirlpool in the library there simply because it is
old code that hasn't been updated to the latest algorithm? Or has there
been a conscious decision to stay with the tweaked Whirlpool for
security reasons?

If this has been a conscious design decision, is there some
authoritative source that I can refer to that presents a rationale for
the tweak? It just seems a bit too dodgy to use, without any widely
published rationale for the difference.

Thanks for your help,

Actually, while I'm here -- I've been considering using SHA-512 and
Whirlpool simultaneously for *part* of our electronic IP-protection
strategy (two algorithms are used so that if one is broken, it can be
replaced while the other continues to provide security). I chose these
two because (based on some Google searches) they seemed to be the
strongest algorithms currently in widespread usage. I feel confident in
using SHA-512 (because it is a FIPS), but what about Whirlpool? The fact
that Whirlpool is apparently part of NESSIE gives me some reassurance,
but would you recommend anything else as a better choice? I'm willing to
sacrifice hashing speed if it means better security.

-Benjamin Johnston
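
The two-hash arrangement described in the message above, as an added example that is not part of the original post: a record carries one digest per algorithm, verification requires every recorded digest to match, and one algorithm can be retired while the other keeps vouching for the data. SHA3-512 stands in for Whirlpool (an assumption, since Python's hashlib only exposes Whirlpool when the underlying OpenSSL build provides it); the function names and algorithm choices are hypothetical.

```python
import hashlib
import hmac

# Assumption: SHA3-512 stands in for Whirlpool, which hashlib only exposes
# when the underlying OpenSSL build provides it.
ACTIVE = ("sha512", "sha3_512")


def make_record(data: bytes, algorithms=ACTIVE) -> dict:
    """Return {algorithm name: hex digest} for every active algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def verify(data: bytes, record: dict, trusted=ACTIVE, minimum: int = 2) -> bool:
    """Accept only if at least `minimum` trusted digests are present and ALL match.

    Digests under algorithms no longer in `trusted` are ignored, so a retired
    (broken) algorithm can never vouch for the data on its own.
    """
    usable = [name for name in record if name in trusted]
    if len(usable) < minimum:
        return False
    ok = True
    for name in usable:
        actual = hashlib.new(name, data).hexdigest()
        # compare_digest avoids leaking the mismatch position through timing.
        ok &= hmac.compare_digest(actual, record[name])
    return ok


def rotate(data: bytes, record: dict, retired: str, replacement: str,
           trusted=ACTIVE) -> dict:
    """Swap one algorithm out after re-verifying with the surviving digest(s)."""
    survivors = tuple(n for n in trusted if n != retired)
    if not verify(data, record, trusted=survivors, minimum=1):
        raise ValueError("data does not match the surviving digest")
    new = {n: record[n] for n in survivors if n in record}
    new[replacement] = hashlib.new(replacement, data).hexdigest()
    return new
```

During a rotation the data is protected by a single surviving algorithm, so the replacement digest should be recorded as soon as the retired one is distrusted.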





