Talk:Spectral Hash

From The ECRYPT Hash Function Website

According to NIST's FR call (section 4.A), it seems that Brandon Enright's partial collisions do break Spectral Hash. The relevant text is this:

"NIST expects the SHA–3 algorithm of message digest size n to meet the following security requirements at a minimum. [...] any result that shows that the candidate algorithm does not meet these requirements will be considered to be a serious attack. [...] Any m-bit hash function specified by taking a fixed subset of the candidate function's output bits is expected to meet the above requirements with m replacing n."

Should Spectral Hash be labeled broken, then?

Paulo.