I’m a bit of a crypto nerd—though far from a practitioner or expert—so I’m on NIST‘s SHA-3 mailing list. The mailing list’s main purpose was to keep the contestant teams and other interested observers up to date on the competition. The winner was the Keccak team and just about everyone believes it was a good choice.
It’s NIST’s job to turn the Keccak algorithms into the SHA-3 standard. That’s were the trouble began. NIST made (what some call substantial) changes to the Keccak algorithm and reduced its security in service of increasing its speed. The list went crazy and now the technical press has taken note.
I don’t have the expertise to evaluate the arguments going back and forth but it is worth noting that the Keccak team is on board with the proposed changes. Last year that would have been the end of it but now everyone is donning their tin foil hats. After the Snowden revelations concerning the NSA’s successful attempt to weaken other crypto standards, I can’t understand what NIST is thinking.
Well, actually, I can. It’s the typical nerd reaction of, “the facts are on my side so I don’t have to pay attention to what anyone says about this.” The problem is most people—even most people who are going to use SHA-3 in their code—don’t have the wherewithal to make an informed judgment on the merits of the arguments but they sure understand that (1) NIST, by law, must solicit input from NSA and (2) the NSA is not to be trusted. Ever. Thus by forging ahead, NIST risks blowing up the whole SHA-3 process. As Schneier and others have said, there isn’t an urgent need for SHA-3 because the SHA-2 family is apt to be secure for some time. The careful (or paranoid) engineer is very apt to say, “Forget SHA-3, I’ll stick with SHA-512.”
That would be too bad but it’s exactly what NIST is risking by ignoring the public’s suspicion and distrust. It’s fine to dismiss them all as crazies who don’t understand the crypto but NIST has already shown itself susceptible to abuse at the hands of the NSA. Those “crazies” will just pick up their marbles and walk.