[Haskell-cafe] [ANNOUNCE] skein-0.1: Skein, a family of cryptographic hash functions. Includes Skein-MAC as well.

Felipe Almeida Lessa felipe.lessa at gmail.com
Thu Sep 22 03:00:24 CEST 2011


On Wed, Sep 21, 2011 at 5:19 PM, Vincent Hanquez <tab at snarc.org> wrote:
>> Also, it seems that cryptohash's Skein is currently broken.  The skein
>> package comes with the "golden" KATs sent by the Skein team to the
>> NIST, and passes everything.  OTOH, cryptohash's Skein256/Skein512 do
>> not agree with skein's Skein_256_256/Skein_512_512.  I've attached a
>> test suite that quickchecks if both implementations give the same
>> answer.  My hunch is that you are using the wrong constants, because
>> the first test case (the empty string) already fails:
>
> oops darn, thanks for reporting. i'll have a look at that ASAP; It used to
> work in the past, and i've copied some expected values from the original
> implementation in my small unit tests (which still pass :-/ ), so i'm a bit
> puzzle here.

Perhaps you have implemented some old version of Skein?  I know they
have changed the constants some times in the past.

Alas, their paper (I have "skein1.3.pdf", is there an updated
version?) actually has wrong test vectors.  For example, they say that
for "B.pack [0xFF]" the result should be "B.pack [0x0B, 0x98, 0xDC,
..., 0xD2]", while their own KAT says that the result should be
"B.pack [0xA4, 0x7B, 0xE7, ..., 0x91]".  Unfortunately, for the same
input cryptohash's Skein256 says that the result should be "B.pack
[0x42, 0xC8, 0x82, ..., 0xE8]" which is different from both =).  I
assume that the KATs included in the skein package have the "correct"
results since those KATs were given to the NIST.

Cheers, =)

-- 
Felipe.



More information about the Haskell-Cafe mailing list