Talk:GOST (hash function)

Latest comment: 5 years ago by 79.206.198.151 in topic Request

Bruce Schneier quote

edit

I have removed the following quote as it is incomplete, it leads to wrong assumptions:

Bruce Schneier posted to sci.crypt on 12 November 1998 about GOST:
"GOST has a 256-bit key, but its key schedule is so weak that I would
not use it as a hash function under any circumstances."

The full thread is at http://groups.google.com/group/comp.security.misc/browse_thread/thread/a8bd5008491e12ae/da11ba880a76def2

>Bruce Schneier <schne...@counterpane.com> wrote:
>>GOST has a 256-bit key, but its key schedule is so weak that I would
>>not use it as a hash function under any circumstances. 
>IIRC there is a GOST hash function with 256-bit output, which is quite
>different from the GOST block cipher with the weak key schedule.  The
>hash function is intended for use with the GOST digital signature
>algorithm which is similar to DSA but with a 256-bit submodulus.

You're right.  I just read up on that hash function in Applied
Cryptography (which you would think I would remember better).  Again,
I don't know of any serious cryptanalysis of this hash function, and
would hesitate to use it.

Bruce

I have added a note to the article that there are two algorithms called GOST, a weak block cipher and a not-yet-analyzed hash function, also called GOST. I have also removed the GOST cipher reference from the article, as it discusses the cipher rather than the hash. Jonelo 19:32, 13 November 2005 (UTC)Reply

Thanks for catching that. Is GOST "known to be weak", though? — Matt Crypto 20:56, 13 November 2005 (UTC)Reply
I'm also not aware of a serious cryptoanalysis of the GOST hash function, but in my opinion the russion GOST hash function should considered to be not broken, pending proof to the contrary. According to the Key Schedule Cryptoanalysis at http://www.cs.berkeley.edu/~daw/papers/keysched-crypto96.ps the GOST cipher seems to be not very secure. Jonelo 20:16, 15 November 2005 (UTC)Reply
The key word is "seems to". As far as I know, there is no published successful attack agains the GOST cipher. Anyway, speculations about the hash function based on the structure of a completely different cipher are more than arguable. MvR 10:43, 3 February 2006 (UTC)Reply
Latest Cryptanalysis of the GOST Hash Function at https://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=80200&pCurrPk=36649 Jonelo (talk) 07:47, 21 August 2008 (UTC)Reply

Security

edit
  • As of today, the GOST R 34.11-94 hash function is very secure. The best know attack (published by F. Mendel, 2008) has complexity of 2^105 (link) compression function evaluations. It is impossible to find a collision for such complexity even using all computer power of the world. But the GOST hash is slow! About three times slower then SHA1! It should be mentioned somehow in the article, that it is very secure, but slower then most of SHA3 candidates. Rashless (talk) 18:03, 20 February 2010 (UTC)Reply
Sorry, this is not true. In the western world, any algorithm that has attacks faster than their security design, is considered "broken" (faster than 2128 for a 256-bit hash). Furthermore, security in cryptography is not "lack of known attacks". Rather, security is gained from cryptographers trying, but not succeeding, to break it. Given how obscure the GOST hash is, not much public cryptanalysis has been published about this algorithm. The fact that it's already broken, with this little interest, should tell you something about its security. -- intgr [talk] 15:12, 21 February 2010 (UTC)Reply
  • I've added more samples to the page, as some programs (notably libmhash and PHP) contain bug in GOST function calculation (see mhash mail list archive). The GOST (1000000 characters of 'a') hash is important to distinct wrong algorithms from working. This hash can be verified with the C programs mentioned in External links, or with C++ program from russian wiki GOST page. The GOST( 128 characters of 'U' ) sample is shorter message to test this bug. —Preceding unsigned comment added by Rashless (talkcontribs)

"Small" change in example ist a big one

edit

For the article: /*Even a small change in the message will, with overwhelming probability, result in a completely different hash due to the avalanche effect. For example, changing d to c*/ ASCII code for "d" is 0x64 and for "c" it is 0x63. XORing them together you get 0x07 - three bits changed and not only one....big change and no small change! (for the view of analysing cryptographic things) --93.220.241.169 (talk) 17:23, 14 November 2012 (UTC)Reply

GOST R 34.11-2012

edit

I'm removing GOST R 34.11-2012 from the list of standards at the beginning of the article, since it is a different hash function developed as a successor of GOST R 34.11-94, which is actually described here. I guess separate page for the new standard is needed (like in RuWiki). — Preceding unsigned comment added by 109.60.157.103 (talk) 20:06, 22 May 2015 (UTC)Reply

edit

Cyberbot II has detected links on GOST (hash function) which have been added to the blacklist, either globally or locally. Links tend to be blacklisted because they have a history of being spammed or are highly inappropriate for Wikipedia. The addition will be logged at one of these locations: local or global If you believe the specific link should be exempt from the blacklist, you may request that it is white-listed. Alternatively, you may request that the link is removed from or altered on the blacklist locally or globally. When requesting whitelisting, be sure to supply the link to be whitelisted and wrap the link in nowiki tags. Please do not remove the tag until the issue is resolved. You may set the invisible parameter to "true" whilst requests to white-list are being processed. Should you require any help with this process, please ask at the help desk.

Below is a list of links that were found on the main page:

  • http://agora.guru.ru/csr2012/files/6.pdf
    Triggered by \bguru\b on the local blacklist

If you would like me to provide more information on the talk page, contact User:Cyberpower678 and ask him to program me with more info.

From your friendly hard working bot.—cyberbot IITalk to my owner:Online 01:03, 14 August 2015 (UTC)Reply

Request

edit

Could someone add a pesudocode of the hash function? I do not understand how it works, because i am not so well educated in math, but i (and many others) understand i pseudocode add, xor, rot, a=b(c) [lookup table], mod, etc --79.206.198.151 (talk) 18:44, 1 June 2019 (UTC)Reply