Thursday, March 17, 2011

NIST SHA-3 Round 3 Finalists Announced

For any hard core software and security geeks out there who can appreciate encryption related acronyms like SHA and AES, in case you haven't heard, the National Institute of Standards and Technology has announced the Round 3 finalists for the SHA-3 competition.

Here is a link to the full report on the Round 2 reviews and selection process.

Secure, robust hash functions are critical to the implementation of certain aspects of computer security, so this competition and the peer review process is essential for ensuring that security measures remain effective as advances are made in tools and technologies that can potentially defeat existing hashing and encryption algorithms.

Unfortunately, I still regularly see software that uses SHA-1 hashing or DES encryption when better options have been available for over a decade.   For some low risk applications, these may be fine, but in most cases, implementing SHA-512 or AES is no more difficult, so it would be nice to see the newer standards implemented universally.

Dynamics GP has been occasionally criticized for some elements of its security, including pseudo-encryption in some areas, or complete lack of encryption in others.  While some of the criticisms have been specious and ill-informed, I consider some critiques to be valid, and would love to see future releases include additional security measures to make it easier to sell against newer packages that include greater emphasis on data encryption.

Here is a brief overview of the NIST hash project.

And here is a Wikipedia discussion of cryptographic hash functions.

Steve Endow is a Dynamics GP Certified Trainer and Dynamics GP Certified Professional.  He is also the owner of Precipio Services, which provides Dynamics GP integrations, customizations, and automation solutions.

No comments: