Questions tagged as ['sha-3']

I am trying to implement SHA-3 using this document and have a question about the iota step.

This step consists in a single XOR between the central (0, 0) lane of the state (illustration of the state p.8 if needed) and a round constant. In other terms:

for z in [0, w[:
    let new_state(0, 0, z) = state(0, 0, z) ^ RC[z]

where RC is viewed as a bit string.

The first round constant of the first round is 1, ...

Reading through the wikipedia entry for HMAC I see that SHA-3 can be used with the HMAC algorithm to give HMAC-SHA3-512.

I also know that there is KMAC, which from my understanding is a MAC construction designed specifically for KECCAK, basically SHA-3 and it makes use of CSHAKE.

Question now is what would be the difference between HMAC-SHA3-512 and KMAC? And when should one be used over the other? ...

According to keccak strengths you have:

Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does not need the HMAC nested construction. Instead, MAC computation can be performed by simply prepending the message with the key.

Meaning I can get a MAC of a message by just computing $\operatorname{SHA-3-256}(KEY \mathbin\| message)$. If this is the case, why then does

In the FIPS202 document "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions" an extendable-output functions is defined as:

An extendable-output function (XOF) is a function on bit strings (also called messages) in which the output can be extended to any desired length.

That is all the definition I could find on that. However, this definition does not capture the notion that the bi ...

I am learning about hash functions and I just read about XOF (namely shake and cShake).

I will like to test this functions out by myself but I can't seem to find how to use it via the OpenSSL CLI or using a JavaScript library.

The JavaScript library I am using is https://github.com/paulmillr/noble-hashes but it does not seem to support XOF.

So how do I use XOF (SHAKE and cSHAKE) in openssl CLI and JavaSc ...

Why are SHA3 algorithms considered more secure than their SHA2 counterparts? Surely in part, it is due to their resistance to length extension attacks. But specifically, when considering collision resistance they have the same O(n) attack times.

Is it because they are more resistant to preimage attacks?

Rather than storing user data when interacting with an app, I am storing the SHA3-256 of the data. This is because data storage in this particular environment is very limited.

The data can be several variables, e.g., a, b, and, c, but instead of saving them individually, I save the hash of the concatenation: SHA3(a,b,c).

When the user wants to interact with the system, they should send the variables ...

I have been researching SHA algorithms extensively, specifically SHA1, SHA2-256, SHA2-512, SHA3-256, and SHA3-512, and have found many instances of successful collision attacks as well as methods.

In my list are the following:

• Brute Force attacks
  • Birthday attacks
  • Yuval's Birthday attack (improved birthday attack with different conditions)
• Reduced round attacks
  • Successful on attacks on all SHA al ...