Talk:GOST (hash function)

From Wikipedia, the free encyclopedia

Bruce Schneier quote

I have removed the following quote as it is incomplete, it leads to wrong assumptions:

Bruce Schneier posted to sci.crypt on 12 November 1998 about GOST:
"GOST has a 256-bit key, but its key schedule is so weak that I would
not use it as a hash function under any circumstances."

The full thread is at http://groups.google.com/group/comp.security.misc/browse_thread/thread/a8bd5008491e12ae/da11ba880a76def2

>Bruce Schneier <schne...@counterpane.com> wrote:
>>GOST has a 256-bit key, but its key schedule is so weak that I would
>>not use it as a hash function under any circumstances. 
>IIRC there is a GOST hash function with 256-bit output, which is quite
>different from the GOST block cipher with the weak key schedule.  The
>hash function is intended for use with the GOST digital signature
>algorithm which is similar to DSA but with a 256-bit submodulus.

You're right.  I just read up on that hash function in Applied
Cryptography (which you would think I would remember better).  Again,
I don't know of any serious cryptanalysis of this hash function, and
would hesitate to use it.

Bruce

I have added a note to the article that there are two algorithms called GOST, a weak block cipher and a not-yet-analyzed hash function, also called GOST. I have also removed the GOST cipher reference from the article, as it discusses the cipher rather than the hash. Jonelo 19:32, 13 November 2005 (UTC)

Thanks for catching that. Is GOST "known to be weak", though? — Matt Crypto 20:56, 13 November 2005 (UTC)
I'm also not aware of a serious cryptanalysis of the GOST hash function, but in my opinion the Russian GOST hash function should be considered not broken, pending proof to the contrary. According to the Key Schedule Cryptanalysis at http://www.cs.berkeley.edu/~daw/papers/keysched-crypto96.ps the GOST cipher seems to be not very secure. Jonelo 20:16, 15 November 2005 (UTC)
The key word is "seems to". As far as I know, there is no published successful attack against the GOST cipher. Anyway, speculations about the hash function based on the structure of a completely different cipher are more than arguable. MvR 10:43, 3 February 2006 (UTC)
Latest Cryptanalysis of the GOST Hash Function at https://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=80200&pCurrPk=36649 Jonelo (talk) 07:47, 21 August 2008 (UTC)

Security

  • As of today, the GOST R 34.11-94 hash function is very secure. The best known attack (published by F. Mendel, 2008) has complexity of 2^105 (link) compression function evaluations. It is impossible to find a collision for such complexity even using all computer power of the world. But the GOST hash is slow! About three times slower than SHA1! It should be mentioned somehow in the article, that it is very secure, but slower than most of SHA3 candidates. Rashless (talk) 18:03, 20 February 2010 (UTC)
Sorry, this is not true. In the western world, any algorithm that has attacks faster than their security design, is considered "broken" (faster than 2^128 for a 256-bit hash). Furthermore, security in cryptography is not "lack of known attacks". Rather, security is gained from cryptographers trying, but not succeeding, to break it. Given how obscure the GOST hash is, not much public cryptanalysis has been published about this algorithm. The fact that it's already broken, with this little interest, should tell you something about its security. -- intgr [talk] 15:12, 21 February 2010 (UTC)
  • I've added more samples to the page, as some programs (notably libmhash and PHP) contain a bug in GOST function calculation (see mhash mail list archive). The GOST (1000000 characters of 'a') hash is important to distinguish wrong algorithms from working ones. This hash can be verified with the C programs mentioned in External links, or with the C++ program from the Russian wiki GOST page. The GOST( 128 characters of 'U' ) sample is a shorter message to test this bug. —Preceding unsigned comment added by Rashless (talk • contribs)

"Small" change in example is a big one

For the article: /*Even a small change in the message will, with overwhelming probability, result in a completely different hash due to the avalanche effect. For example, changing d to c*/ ASCII code for "d" is 0x64 and for "c" it is 0x63. XORing them together you get 0x07 - three bits changed and not only one....big change and no small change! (for the view of analysing cryptographic things) --93.220.241.169 (talk) 17:23, 14 November 2012 (UTC)

GOST R 34.11-2012

I'm removing GOST R 34.11-2012 from the list of standards at the beginning of the article, since it is a different hash function developed as a successor of GOST R 34.11-94, which is actually described here. I guess a separate page for the new standard is needed (like in RuWiki). — Preceding unsigned comment added by 109.60.157.103 (talk) 20:06, 22 May 2015 (UTC)

Blacklisted Links Found on GOST (hash function)

Cyberbot II has detected links on GOST (hash function) which have been added to the blacklist, either globally or locally. Links tend to be blacklisted because they have a history of being spammed or are highly inappropriate for Wikipedia. The addition will be logged at one of these locations: local or global. If you believe the specific link should be exempt from the blacklist, you may request that it is white-listed. Alternatively, you may request that the link is removed from or altered on the blacklist locally or globally. When requesting whitelisting, be sure to supply the link to be whitelisted and wrap the link in nowiki tags. Please do not remove the tag until the issue is resolved. You may set the invisible parameter to "true" whilst requests to white-list are being processed. Should you require any help with this process, please ask at the help desk.

Below is a list of links that were found on the main page:

  • http://agora.guru.ru/csr2012/files/6.pdf
    Triggered by \bguru\b on the local blacklist

If you would like me to provide more information on the talk page, contact User:Cyberpower678 and ask him to program me with more info.

From your friendly hard working bot.—cyberbot II Talk to my owner:Online 01:03, 14 August 2015 (UTC)

Request

Could someone add a pseudocode of the hash function? I do not understand how it works, because I am not so well educated in math, but I (and many others) understand in pseudocode add, xor, rot, a=b(c) [lookup table], mod, etc --79.206.198.151 (talk) 18:44, 1 June 2019 (UTC)