Hello,
вт, 9 июн. 2020 г. в 19:53, Niels Möller nisse@lysator.liu.se:
Dmitry Baryshkov dbaryshkov@gmail.com writes:
Add documentation describing Streebog hash function and it's API.
Is there any consensus on the cryptographic strength and general quality of streebog? I wonder if it really should go in the section "Recommended hash functions" with SHA2 and SHA3, or in the "Legacy hash functions" section.
I wouldn't call it legacy (since it is an actual standard). What about adding the "Other hash functions" section? It can further receive algorithms such as SM3 (if somebody submits it)?
The wikipedia page (https://en.wikipedia.org/wiki/Streebog#Cryptanalysis) says
In 2015 Birykov, Perrin and Udovenko reverse engineered the unpublished S-box generation structure (which was earlier claimed to be generated randomly) and concluded that the underlying components are cryptographically weak.
referring to https://eprint.iacr.org/2016/071.
Yes, this is interesting research which has raised a lot of controversion here. However it did not result in demonstration of theoretical or practical weakness of such constructions.
And https://en.wikipedia.org/wiki/Hash_function_security_summary lists a "theoretical" preimage attack on the full hash function, referencing https://eprint.iacr.org/2014/675.