Keccak/SHA3 — The new cryptographic hash algorithm standard


In case anybody missed one of the biggest recent news items in the cryptography community: NIST (National Institute of Standards and Technology) has declared the winner for the new cryptographic hash function standard, SHA-3 (Secure Hash Algorithm v3.0).

The winner, Keccak, was announced on October 2nd 2012, approximately 5 years after the competition started in November 2007. The new hash function is designed from the ground up and uses a sponge construction, unlike the SHA1 and SHA2(x) hash algorithms, which use a Merkle–Damgård construction.

Previous algorithms, including SHA1, are vulnerable to length extension attacks because of the type of construction they use. Keccak, on the other hand, is not affected by such attacks, as it is based on a randomized sponge construction, which is itself invulnerable to this type of attack.
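Why a Merkle–Damgård digest can be continued by anyone who sees it, and what a defender uses instead, as an added example that is not part of the original post. `toy_md`, `compress` and the sample values are constructed for illustration; the toy hash is not SHA1.

```python
import hashlib, hmac, struct

BLOCK = 64                                   # toy block size in bytes

def compress(state, block):
    # Toy compression function (assumption): SHA-256 is used only as a mixer here.
    return hashlib.sha256(state + block).digest()

def md_pad(total_len):
    # Merkle-Damgard strengthening: 0x80, zero fill, 64-bit big-endian bit length.
    zeros = (BLOCK - (total_len + 9) % BLOCK) % BLOCK
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", total_len * 8)

def toy_md(msg, state=bytes(32), prior_len=0):
    # The digest is the final chaining value: the whole internal state is output.
    data = msg + md_pad(prior_len + len(msg))
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def digest_is_resumable():
    key, msg, suffix = b"k" * 16, b"amount=10", b"&note=x"   # constructed values
    tag = toy_md(key + msg)                  # naive MAC: H(key || msg)
    glue = md_pad(len(key) + len(msg))       # padding already absorbed into tag
    # Computed from the public tag and lengths only; the key is not used.
    resumed = toy_md(suffix, state=tag, prior_len=len(key) + len(msg) + len(glue))
    # What a verifier holding the key computes for the longer message.
    expected = toy_md(key + msg + glue + suffix)
    return hmac.compare_digest(resumed, expected)

def safe_tags(key, msg):
    # Defender's options: HMAC wraps the MD hash so the tag is not a resumable
    # state; SHA-3 outputs only part of its 1600-bit sponge state, so a
    # prefix-keyed digest cannot be continued (KMAC is the standardized form).
    return (hmac.new(key, msg, hashlib.sha256).hexdigest(),
            hashlib.sha3_256(key + msg).hexdigest())

if __name__ == "__main__":
    print("MD digest resumable without key:", digest_is_resumable())
    print("HMAC-SHA256 / SHA3-256 tags:", safe_tags(b"k" * 16, b"amount=10"))
```

The takeaway for existing systems is that any `H(key || message)` authenticator built on SHA1 or SHA2 should be replaced with HMAC or a SHA3-based construction.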

One important thing to note is that Keccak is considerably slower than SHA1 and SHA2 algorithms by a factor of almost two. But it's screamingly fast when implemented in hardware.

I see that a lot of us care about security. We diss on every other news article when we get to hear about security bugs or leaks in some piece of software, e.g. Android or Windows or iOS. But I believe it's essential to play your part in the game and keep up with the newer and advanced security technologies and standards.

So, I hope no one is using the MD5 hash algorithm to hash their data anymore. MD5 is highly insecure and strictly deprecated. Even the secure hash algorithm SHA1 is deemed 'Do Not Use' in almost all cases. It's advised that you use some form of SHA2 instead and jump onto SHA3 as soon as possible.