On Wed, Sep 21, 2011 at 5:19 PM, Vincent Hanquez
Also, it seems that cryptohash's Skein is currently broken. The skein package comes with the "golden" KATs sent by the Skein team to the NIST, and passes everything. OTOH, cryptohash's Skein256/Skein512 do not agree with skein's Skein_256_256/Skein_512_512. I've attached a test suite that quickchecks if both implementations give the same answer. My hunch is that you are using the wrong constants, because the first test case (the empty string) already fails:
oops darn, thanks for reporting. i'll have a look at that ASAP; It used to work in the past, and i've copied some expected values from the original implementation in my small unit tests (which still pass :-/ ), so i'm a bit puzzle here.
Perhaps you have implemented some old version of Skein? I know they have changed the constants some times in the past. Alas, their paper (I have "skein1.3.pdf", is there an updated version?) actually has wrong test vectors. For example, they say that for "B.pack [0xFF]" the result should be "B.pack [0x0B, 0x98, 0xDC, ..., 0xD2]", while their own KAT says that the result should be "B.pack [0xA4, 0x7B, 0xE7, ..., 0x91]". Unfortunately, for the same input cryptohash's Skein256 says that the result should be "B.pack [0x42, 0xC8, 0x82, ..., 0xE8]" which is different from both =). I assume that the KATs included in the skein package have the "correct" results since those KATs were given to the NIST. Cheers, =) -- Felipe.