Talk:Skein (hash function)

Copyright
About copyright: The copyright bot is a bit overly agressive. This is a fair summery of the blog posting. And as one of the Skein authors I have permission to contribute this text to Wikipedia. [Niels] — Preceding unsigned comment added by NielsFerguson (talk • contribs)


 * For the record: referring to this edit -- intgr [talk] 10:29, 17 June 2013 (UTC)

skein-hash.info
Can someone figure out if http://skein-hash.info/ is an official Skein website or not? --Apoc2400 (talk) 22:18, 8 December 2008 (UTC)

I know this is late, but Bruce Schneier says it is. So there you go. — Gavia immer (talk) 15:57, 12 December 2008 (UTC)

Thanks. --Apoc2400 (talk) 16:16, 12 December 2008 (UTC)

seems to now be a spam site, please find original and fix link Bobkeyes (talk) 03:59, 17 June 2013 (UTC)


 * It is the real Skein website, they're just victims of comment spam. -- intgr [talk] 10:10, 17 June 2013 (UTC)

Rotational rebound attack
It is my understanding that the tweak to Skein version 1.3 cancels this attack, making the best known attack 33 rounds again (see http://www.schneier.com/blog/archives/2010/09/more_skein_news.html.) I don't think the published attack breaks collision resistance, either, though they do claim in the conclusion that the same techniques could be used for collision attacks. 46.9.12.210 (talk) 02:43, 15 December 2010 (UTC)


 * You are correct, I have updated the article. -- intgr [talk] 09:39, 15 December 2010 (UTC)

Tweak in response to cryptanalysis?
The article makes it sound like the tweak is a response to cryptanalysis, but Appendix D of the new Skein paper makes it sound like they did it because they could, because the tweaked version is even better and no slower. It's explicit that if NIST prefer not to accept the tweak for whatever reason they're happy to stand behind the original version. ciphergoth (talk) 14:44, 21 February 2011 (UTC)


 * I updated the paragraph, does it read better now? -- intgr [talk] 20:57, 21 February 2011 (UTC)

"In popular culture"
Skein is being used as part of the user input to today's episode of the webcomic xkcd. —Steve Summit (talk) 12:34, 1 April 2013 (UTC)

Not quite "popular culture" but if i heard correctly, Skein256 is used by the storage company SolidFire to fingerprint the data-blocks. The founder and CEO answers the question for the hash-algorithm used on this youtube video (cannot link because of spam protection - sorry) tfP4q3DIvz0?t=19m43s. Maybe you want to put that somewhere. Chris :) 217.70.211.15 (talk) 12:52, 8 February 2016 (UTC)

Hypertechnical
As noted by the "in popular culture" talk point above, I was driven here by xkcd. I'm not a computer scientist, nor do I play one on TV, so this page could use a little bit of plainer English prior to getting into the technicalities. I'm sure many people appreciate the details, and it is a huge challenge to render complex tech into English. Since I don't understand it in the first place, I can't translate (sorry). Thus, I've added a {technical} tag. Jed (talk) 15:51, 2 April 2013 (UTC)


 * If you want a less technical overview, read cryptographic hash function (the first link in the article). There are lots of different hash functions and I find it would be unreasonable to duplicate that sort of description for each hash function article. -- intgr [talk] 21:29, 2 April 2013 (UTC)


 * I removed the tag per above. --Surfer43_¿qué pasa? 01:12, 16 February 2014 (UTC)

User Guide Detailing Various Modes of Usage
The Skein hash function, as explained in the document is capable of more than just computing a HASH value of a message. There is a brief statement on how the hash function and tweak cipher (threefish) can be used to implement a number of cryptographic operations. The following is a partial list of operations taken from the original submission document.

1) Key Derivation Function (KDF) 2) Password-Based Key Derivation Function (KDF) 3) Cryptographic Pseudo-Random Number Generator (PRNG) 4) Stream Cipher 5) Randomized Hashing 6) Tree Hashing

While the document mentions each of these operations, it provides varying degrees of implementation detail for each topic with some so sparse that it is impossible to know for sure if an implementation is correct or not, or even how to do it.

Ideally, I would like to see an addition to the skein hash family reference page that that includes a comprehensive summary of each mode with detailed instructions and examples on how to unambiguously implement them.

Currently, I have been scanning the internet for various implementations done in different languages and packages and then comparing them all to see how each operation has been implemented. In some cases, the operations are not identical and there is no clear reference anywhere to resolve the discrepancy.

It would be very helpful and valuable to have a detailed "user guide" which focused primarily on how to implement practical code for the various modes of operation.

This would help ensure that cryptographic applications would be secure by providing known-good references for implementers to follow and verify against. Note that this would also include test vectors.

I would like to say that after having reviewed and worked with the Skein Hash and Threefish cipher, the authors/inventors are to be commended for having done an excellent and comprehensive design. I would love to know how to use it correctly to its fullest extent and I am certain there are many others who feel the same way.

Danq31415 (talk) 12:41, 19 May 2014 (UTC)


 * >It would be very helpful and valuable to have a detailed "user guide"
 * Perhaps, but Wikipedia is not the place for that. An encyclopedia is about aggregating knowledge from other reliable sources, not publishing original writings.
 * Also, cryptography primitives can only be considered secure if there are researchers trying to break them and failing. Skein did not win the SHA-3 competition, so it will have less review than the winner -- chances are it will be forgotten entirely. You may be doing your readers a disservice if you recommend using Skein or Threefish for whatever purpose. -- intgr [talk] 14:26, 19 May 2014 (UTC)