What's our story for Keccak (aka SHA-3)?

[public]

I hear @tiran knows about these things? I think SHA-3 missed the 3.4 merge window for some reason?

OpenSSL seems unlikely to get SHA-3 until there's a TLS cipher suite that needs it. It might be nice to get SHA-3 support before whenever that is, perhaps via a dedicated backend?

[Ayrx]

+1 on this. Is there a reference C implementation yet? (Have not kept up with SHA-3 news.)

[tiran]

SHA-3 has been removed from Python 3.4 beta because SHA-3 was not finalized before RC phase. I still maintain the standalone package. I'm going to work on SHAKE support and will release a new version in a couple of weeks.

See ticket #8, too.

[public]

Do we want to ship Keccak prior SHA-3 getting finalised fully?

The key encryption on keybase.io uses it and RFCs have already been published that suggest supporting it. It seems likely that even if SHA-3 gets standardised there will be incompatible software out there using slightly different Keccak parameters that we might want to support anyway.

[alex]

I think the answer is "no" for now. I'm going to mark this as closed and we can reopen/file a new issue in the future.

[mgrabovsky]

Can this (or #8) be reopened now?

[reaperhulk]

Until our C backends (specifically OpenSSL) support sha3 we don't have a good way to ship this. I will go ahead and reopen though because it's a relevant question now that it's finalized.

[cipherself]

@mgrabovsky Meanwhile, apparently Keccak's official website has a reference C implementation and a Python implementation http://keccak.noekeon.org/files.html

[alex]

We'll get this whenever it shows up in OpenSSL (or some other backend we support). Going to close this.

[mgrabovsky]

FYI: OpenSSL added support for SHA-3 in version 1.1.1.

[reaperhulk]

Yep, tracking landing support in #4197