Sun, 10 Aug 2014

Here's an implementation of version 1.3 of the Skein cryptographic hash function. (To aid in pronunciation the name rhymes with rain and Spain.) It uses the reference implementation provided by Bruce Schneier on his website.

Skein was one of the finalists in the NIST competition to develop a new hash function called SHA-3. Skein made it all the way through to the end but was ultimately not selected. There was a later announcement that the winner, Keccak, would have some changes made so as to increase performance but some saw these changes as weakening it. Given that we know the NSA has played a role in weakening cryptographic standards, some wondered if this was such an attempt. Regardless of whether it was or not, the fact that there was such a huge uproar over the changes goes to show just how little trust there is of the NSA and NIST.

I'm not necessarily proposing that anyone not use NIST standards but at the same time, my interest in Skein comes specifically because it was not selected by NIST. While Skein can be used as a drop-in replacement for the entire SHA family of hash functions perhaps using multiple cryptographic hashes would be a good defense against any one of them being compromised, so here's one.

skeinsum is free software, as defined by the Free Software Foundation, licensed under the GNU GPL version 3 or (at your option) any later version.