Questions tagged as ['sha-3']

SHA-3, also known as Keccak, is a cryptographic hash function standardized by NIST as a new alternative to the SHA-2 hash function family.
Score: 2
Katoptriss avatar
Clarification about the iota function of SHA-3
cn flag

I am trying to implement SHA-3 using this document and have a question about the iota step.

This step consists in a single XOR between the central (0, 0) lane of the state (illustration of the state p.8 if needed) and a round constant. In other terms:

for z in [0, w[:
    let new_state(0, 0, z) = state(0, 0, z) ^ RC[z]

where RC is viewed as a bit string.

The first round constant of the first round is 1, ...

Score: 0
dade avatar
What is the difference between HMAC-SHA3-512 and KMAC?
bt flag

Reading through the wikipedia entry for HMAC I see that SHA-3 can be used with the HMAC algorithm to give HMAC-SHA3-512.

I also know that there is KMAC, which from my understanding is a MAC construction designed specifically for KECCAK, basically SHA-3 and it makes use of CSHAKE.

Question now is what would be the difference between HMAC-SHA3-512 and KMAC? And when should one be used over the other? ...

Score: 4
Finlay Weber avatar
Is KMAC just SHA-3-256(KEY || message)
ng flag

According to keccak strengths you have:

Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does not need the HMAC nested construction. Instead, MAC computation can be performed by simply prepending the message with the key.

Meaning I can get a MAC of a message by just computing $\operatorname{SHA-3-256}(KEY \mathbin\| message)$. If this is the case, why then does

Score: 1
cryptobeginner avatar
Exact security requirements for extendable output functions (XOF)?
cn flag

In the FIPS202 document "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions" an extendable-output functions is defined as:

An extendable-output function (XOF) is a function on bit strings (also called messages) in which the output can be extended to any desired length.

That is all the definition I could find on that. However, this definition does not capture the notion that the bi ...

Score: 0
Finlay Weber avatar
How do I use XOF (SHAKE and cSHAKE) in openssl CLI and JavaScript
ng flag

I am learning about hash functions and I just read about XOF (namely shake and cShake).

I will like to test this functions out by myself but I can't seem to find how to use it via the OpenSSL CLI or using a JavaScript library.

The JavaScript library I am using is but it does not seem to support XOF.

So how do I use XOF (SHAKE and cSHAKE) in openssl CLI and JavaSc ...

Score: 10
Arturo Roman avatar
Why is SHA3 more secure than SHA2?
in flag

Why are SHA3 algorithms considered more secure than their SHA2 counterparts? Surely in part, it is due to their resistance to length extension attacks. But specifically, when considering collision resistance they have the same O(n) attack times.

Is it because they are more resistant to preimage attacks?

Score: 0
Jaime avatar
Using hash of data as proof of integrity and preventing collision
us flag

Rather than storing user data when interacting with an app, I am storing the SHA3-256 of the data. This is because data storage in this particular environment is very limited.

The data can be several variables, e.g., a, b, and, c, but instead of saving them individually, I save the hash of the concatenation: SHA3(a,b,c).

When the user wants to interact with the system, they should send the variables ...

Score: -2
Arturo Roman avatar
What are the security flaws of SHA?
in flag

I have been researching SHA algorithms extensively, specifically SHA1, SHA2-256, SHA2-512, SHA3-256, and SHA3-512, and have found many instances of successful collision attacks as well as methods.

In my list are the following:

  • Brute Force attacks
    • Birthday attacks
    • Yuval's Birthday attack (improved birthday attack with different conditions)
  • Reduced round attacks
    • Successful on attacks on all SHA al ...