Immediately following this years CRYPTO conference in Santa Barbara, NIST held The Second Cryptographic Hash Workshop.  From that link, you can access the papers and presentations from the workshop.  This, as some of you might know, is the think-tank for ideas that may eventually result in a new hash function standard.  For now, the SHA-256 is a good interim standard, but we’re going to need something new.  I, as are many others, would love to see an AES-style competition for a new hash function standard.  If it comes anywhere close to the success of the AES selection process, it would be yet another job-well-done by the cryptographic community.

I’m all for it.  Until then, if you need a standard, for whatever the reason, go with SHA-256 for a 128-bit level of security.  If you don’t need a standard, and are flexible to choose any primitive, I’d suggest looking at Whirlpool; it’s based on the wide trail design strategy that’s found in Rijndael’s (AES’s) design, and was co-designed by Vincent Rijmen (The “Rij” in “Rijndael.)  Until next time - cheers!

Minneapolis has this so-called “bait-car” program.  Simply put, the police use nice rides as decoys to lure in car thieves.  Concepts like this are certainly not new, but hey, it’s something I just read in the “news” and my first thought was that it’s analogous to honeypots, in some regards.  The article opens up with the mention of a Toyota Camry being used as a decoy.

Those of you who are aware of my habit of concocting portmanteaux shouldn’t be surprised at the title of this blog entry, which I’ve so guiltlessly dubbed, “Honeyota.”  Hehe.  I’m anxious to hear about any other similar concepts you folks have used to lure in attackers, even if just for the purpose of siphoning useful information that may aid in thwarting potential future attacks on crucial systems.

Cheers, y’all.